Machine Learning >> Anomaly Detection >> Jobs
I am trying to come up with an ESQL query to consolidate all job messages that are non-info: warnings or errors.
Example of message
Time Node Message
202X-XX-XX 16:24:32 instance-XXXXXX Datafeed has missed 12 documents due to ingest latency
However I am facing trouble finding the correct table to retrieve the message.
I have attempted to use the ".ml-anomalies*" index pattern but to no avail.
I can see the jobs but I can't locate the message fields. Any advice?
Hello @Whoami1980
If you are looking for the messages below:
Check for index .ml-notifications-*
Thanks!!
I tried with index .ml-notifications-*
It appears it only has the field "forecast_messages"
but it doesn't have the field "message"
POST /_query?format=txt
{
  "query": """
    FROM .ml-anomalies*
    | WHERE (job_id) == "pred_maint-firewall-deny-high-count"
    AND message IN ("Datafeed stopped", "Job opened")
    | LIMIT 10
  """
}
{
  "error": {
    "root_cause": [
      {
        "type": "verification_exception",
        "reason": """Found 1 problem
line 4:9: Unknown column [message]"""
      }
    ],
    "type": "verification_exception",
    "reason": """Found 1 problem
line 4:9: Unknown column [message]"""
  },
  "status": 400
}
Hello @Whoami1980
I see the index name is wrong and not the one which was suggested:
POST /_query?format=txt
{
  "query": """
    FROM .ml-notifications*
    | WHERE (job_id) == "kibana-logs"
    AND message IN ("Datafeed stopped", "Job opened")
    | LIMIT 10
  """
}
I am not sure whether the field name is different for 8.19.x; in that case you can use the field name that is available in the index.
Thanks!!
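An added example, not posted by either participant in this thread: an ES|QL query that lists the warning and error notifications for all jobs, newest first. The field names `timestamp`, `node_name`, `job_id`, `level` and `message`, and the level values `warning` and `error`, are assumptions about the `.ml-notifications-*` mapping; as the last reply notes, they may differ on 8.19.x.

```esql
// Added example. Field names and level values are assumptions about the
// .ml-notifications-* mapping; replace them with what the index contains.
FROM .ml-notifications-*
// Keep only the non-info job messages.
| WHERE level IN ("warning", "error")
// Time, node and message as in the Jobs view, plus the job and level.
| KEEP timestamp, node_name, job_id, level, message
| SORT timestamp DESC
| LIMIT 100
```

Send it as the "query" value of a POST /_query?format=txt request, as in the requests above.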