Link Search Menu Expand Document Documentation Menu
Documentation

Search Anomaly Results tool

Introduced 2.13

The SearchAnomalyResultsTool retrieves information about anomaly detector results. For more information about anomaly detectors, see Anomaly detection.

Step 1: Register a flow agent that will run the SearchAnomalyResultsTool

A flow agent runs a sequence of tools in order and returns the last tool’s output. To create a flow agent, send the following register agent request:

POST /_plugins/_ml/agents/_register
{
  "name": "Test_Agent_For_Search_Anomaly_Results_Tool",
  "type": "flow",
  "description": "this is a test agent for the SearchAnomalyResultsTool",
  "memory": {
    "type": "demo"
  },
  "tools": [
    {
      "type": "SearchAnomalyResultsTool",
      "name": "DemoSearchAnomalyResultsTool",
      "parameters": {}
    }
  ]
}

For parameter descriptions, see Register parameters.

OpenSearch responds with an agent ID:

{
  "agent_id": "HuJZYo0B9RaBCvhuUlpy"
}

Step 2: Run the agent

Run the agent by sending the following request:

POST /_plugins/_ml/agents/HuJZYo0B9RaBCvhuUlpy/_execute
{
  "parameters": {
    "question": "Do I have any anomalies?"
  }
}

OpenSearch responds with a list of individual anomaly detectors set up on your cluster (where each result contains the detector ID, the anomaly grade, and the confidence level) and the total number of anomaly results found:

{
  "inference_results": [
    {
      "output": [
        {
          "name": "response",
          "result": "AnomalyResults=[{detectorId=ef9lYo0Bk4MTqircmjnm,grade=1.0,confidence=0.9403051246569198}{detectorId=E-JlYo0B9RaBCvhunFtw,grade=1.0,confidence=0.9163498216870274}]TotalAnomalyResults=2"
        }
      ]
    }
  ]
}

If no anomalies are found, OpenSearch responds with an empty array in the results:

{
  "inference_results": [
    {
      "output": [
        {
          "name": "response",
          "result": "AnomalyResults=[]TotalAnomalyResults=0"
        }
      ]
    }
  ]
}

Register parameters

The following table lists all tool parameters that are available when registering an agent. All parameters are optional.

Parameter Type Description
detectorId String The ID of the detector from which to return results.
realTime Boolean Whether to return real-time anomaly detector results. Set this parameter to false to return only historical analysis results.
anomalyGradeThreshold Float The minimum anomaly grade for the returned anomaly detector results. Anomaly grade is a number between 0 and 1 that indicates how anomalous a data point is.
dataStartTime Long The earliest time for which to return anomaly detector results, in epoch milliseconds.
dataEndTime Long The latest time for which to return anomaly detector results, in epoch milliseconds.
sortOrder String The sort order for the results. Valid values are asc (ascending) and desc (descending). Default is desc.
sortString String Specifies the detector field by which to sort the results. Default is data_start_time.
size Integer The number of results to return. Default is 20.
startIndex Integer The paginated index of the result to start from. Default is 0.

Execute parameters

The following table lists all tool parameters that are available when running the agent.

Parameter Type Required/Optional Description
question String Required The natural language question to send to the LLM.
350 characters left

Have a question? .

Want to contribute? or .