Complete ML operations including anomaly detection jobs, data frame analytics, trained model management, datafeeds, and ML inference capabilities for advanced data analysis and pattern detection.
Create and manage anomaly detection jobs for time series analysis.
/**
* Create anomaly detection job
* @param params - Job creation parameters
* @returns Promise with job creation result
*/
function putJob(params: {
/** Job identifier */
job_id: Id;
/** Analysis configuration */
analysis_config: MlAnalysisConfig;
/** Data description */
data_description: MlDataDescription;
/** Job description */
description?: string;
/** Model plot configuration */
model_plot_config?: MlModelPlotConfig;
/** Result index name */
results_index_name?: IndexName;
/** Job groups */
groups?: string[];
/** Model snapshot retention days */
model_snapshot_retention_days?: number;
/** Daily model snapshot retention after days */
daily_model_snapshot_retention_after_days?: number;
/** Results retention days */
results_retention_days?: number;
/** Analysis limits */
analysis_limits?: MlAnalysisLimits;
/** Renormalization window days */
renormalization_window_days?: number;
/** Background persist interval */
background_persist_interval?: Duration;
/** Allow lazy open */
allow_lazy_open?: boolean;
}): Promise<TransportResult<MlPutJobResponse, unknown>>;
interface MlAnalysisConfig {
/** Bucket span duration */
bucket_span: Duration;
/** Analysis detectors */
detectors: MlDetector[];
/** Categorization field name */
categorization_field_name?: Field;
/** Categorization filters */
categorization_filters?: string[];
/** Categorization analyzer */
categorization_analyzer?: MlCategorizationAnalyzer;
/** Influencers */
influencers?: Field[];
/** Latency */
latency?: Duration;
/** Multivariate by fields */
multivariate_by_fields?: boolean;
/** Summary count field name */
summary_count_field_name?: Field;
/** Model prune window */
model_prune_window?: Duration;
/** Per partition categorization */
per_partition_categorization?: MlPerPartitionCategorization;
}
interface MlDetector {
/** Detector function */
function: string;
/** Field name */
field_name?: Field;
/** By field name */
by_field_name?: Field;
/** Over field name */
over_field_name?: Field;
/** Partition field name */
partition_field_name?: Field;
/** Use null */
use_null?: boolean;
/** Exclude frequent */
exclude_frequent?: MlExcludeFrequent;
/** Custom rules */
custom_rules?: MlDetectionRule[];
/** Detector description */
detector_description?: string;
}
interface MlDataDescription {
/** Time field */
time_field?: Field;
/** Time format */
time_format?: string;
/** Field delimiter */
field_delimiter?: string;
/** Quote character */
quote_character?: string;
}
type MlExcludeFrequent = 'all' | 'none' | 'by' | 'over';Usage Examples:
// Create anomaly detection job
await client.ml.putJob({
job_id: "website-traffic-anomaly",
description: "Detect anomalies in website traffic patterns",
analysis_config: {
bucket_span: "15m",
detectors: [
{
function: "mean",
field_name: "response_time",
detector_description: "Mean response time"
},
{
function: "high_count",
by_field_name: "status_code",
detector_description: "High count of status codes"
}
],
influencers: ["user_agent", "source_ip"]
},
data_description: {
time_field: "@timestamp",
time_format: "epoch_ms"
}
});
// Get job information
const job = await client.ml.getJobs({
job_id: "website-traffic-anomaly"
});Manage trained models for inference and deployment.
/**
* Create trained model
* @param params - Model creation parameters
* @returns Promise with model creation result
*/
function putTrainedModel(params: {
/** Model identifier */
model_id: Id;
/** Compressed model definition */
compressed_definition?: string;
/** Inference configuration */
inference_config?: MlInferenceConfigContainer;
/** Model input configuration */
input: MlTrainedModelConfigInput;
/** Model description */
description?: string;
/** Model metadata */
metadata?: Record<string, any>;
/** Model tags */
tags?: string[];
/** Model type */
model_type?: MlTrainedModelType;
/** Model size bytes */
model_size_bytes?: number;
/** Estimated heap memory usage */
estimated_heap_memory_usage_bytes?: number;
/** Estimated operations */
estimated_operations?: number;
/** License level */
license_level?: MlLicenseLevel;
/** Default field map */
default_field_map?: Record<string, string>;
}): Promise<TransportResult<MlPutTrainedModelResponse, unknown>>;
/**
* Get trained models
* @param params - Model retrieval parameters
* @returns Promise with model information
*/
function getTrainedModels(params?: {
/** Model ID or pattern */
model_id?: Id;
/** Allow no match */
allow_no_match?: boolean;
/** Decompress definition */
decompress_definition?: boolean;
/** Exclude generated */
exclude_generated?: boolean;
/** Include model definition */
include?: MlInclude;
/** Result size */
size?: number;
/** Result offset */
from?: number;
/** Tags to match */
tags?: string;
}): Promise<TransportResult<MlGetTrainedModelsResponse, unknown>>;
interface MlTrainedModelConfigInput {
field_names: string[];
}
interface MlInferenceConfigContainer {
/** Regression configuration */
regression?: MlRegressionInferenceOptions;
/** Classification configuration */
classification?: MlClassificationInferenceOptions;
/** Text classification configuration */
text_classification?: MlTextClassificationInferenceOptions;
/** Zero shot classification configuration */
zero_shot_classification?: MlZeroShotClassificationInferenceOptions;
/** Fill mask configuration */
fill_mask?: MlFillMaskInferenceOptions;
/** NER configuration */
ner?: MlNerInferenceOptions;
/** Pass through configuration */
pass_through?: MlPassThroughInferenceOptions;
/** Text embedding configuration */
text_embedding?: MlTextEmbeddingInferenceOptions;
/** Question answering configuration */
question_answering?: MlQuestionAnsweringInferenceOptions;
/** Text expansion configuration */
text_expansion?: MlTextExpansionInferenceOptions;
}
type MlTrainedModelType = 'tree_ensemble' | 'lang_ident' | 'pytorch';
type MlLicenseLevel = 'basic' | 'gold' | 'platinum';
type MlInclude = 'definition' | 'feature_importance_baseline' | 'hyperparameters' | 'definition_status' | 'total_feature_importance';Usage Examples:
// Get all trained models
const models = await client.ml.getTrainedModels();
// Get specific model with definition
const model = await client.ml.getTrainedModels({
model_id: "sentiment-analysis-model",
include: "definition"
});
// Deploy model for inference
await client.ml.startTrainedModelDeployment({
model_id: "sentiment-analysis-model",
number_of_allocations: 2,
threads_per_allocation: 1
});Create and manage data frame analytics jobs for advanced analytics.
/**
* Create data frame analytics job
* @param params - Analytics job parameters
* @returns Promise with job creation result
*/
function putDataFrameAnalytics(params: {
/** Job identifier */
id: Id;
/** Source data configuration */
source: MlDataFrameAnalyticsSource;
/** Destination configuration */
dest: MlDataFrameAnalyticsDest;
/** Analysis configuration */
analysis: MlDataFrameAnalysisContainer;
/** Job description */
description?: string;
/** Model memory limit */
model_memory_limit?: string;
/** Max number of threads */
max_num_threads?: number;
/** Analyzed fields */
analyzed_fields?: MlDataFrameAnalysisAnalyzedFields;
/** Allow lazy start */
allow_lazy_start?: boolean;
/** Headers */
headers?: HttpHeaders;
}): Promise<TransportResult<MlPutDataFrameAnalyticsResponse, unknown>>;
/**
* Start data frame analytics job
* @param params - Job start parameters
* @returns Promise with start result
*/
function startDataFrameAnalytics(params: {
/** Job identifier */
id: Id;
/** Request timeout */
timeout?: Duration;
}): Promise<TransportResult<MlStartDataFrameAnalyticsResponse, unknown>>;
interface MlDataFrameAnalyticsSource {
/** Source indices */
index: Indices;
/** Source query */
query?: QueryDslQueryContainer;
/** Runtime mappings */
runtime_mappings?: MappingRuntimeFields;
/** Source filtering */
_source?: SearchSourceConfig;
}
interface MlDataFrameAnalyticsDest {
/** Destination index */
index: IndexName;
/** Results field */
results_field?: Field;
}
interface MlDataFrameAnalysisContainer {
/** Classification analysis */
classification?: MlDataFrameAnalysisClassification;
/** Regression analysis */
regression?: MlDataFrameAnalysisRegression;
/** Outlier detection analysis */
outlier_detection?: MlDataFrameAnalysisOutlierDetection;
}Usage Examples:
// Create classification job
await client.ml.putDataFrameAnalytics({
id: "customer-churn-prediction",
source: {
index: ["customer-data"],
query: {
range: {
registration_date: {
gte: "2020-01-01"
}
}
}
},
dest: {
index: "customer-churn-results",
results_field: "ml_results"
},
analysis: {
classification: {
dependent_variable: "churned",
training_percent: 80,
prediction_field_name: "churn_prediction"
}
},
analyzed_fields: {
includes: ["age", "tenure", "monthly_spend", "support_tickets"],
excludes: ["customer_id", "email"]
}
});
// Start the analytics job
await client.ml.startDataFrameAnalytics({
id: "customer-churn-prediction"
});Manage datafeeds for real-time anomaly detection jobs.
/**
* Create datafeed
* @param params - Datafeed creation parameters
* @returns Promise with datafeed creation result
*/
function putDatafeed(params: {
/** Datafeed identifier */
datafeed_id: Id;
/** Associated job ID */
job_id: Id;
/** Source indices */
indices: Indices;
/** Source query */
query?: QueryDslQueryContainer;
/** Aggregations */
aggregations?: Record<string, AggregationsAggregationContainer>;
/** Scroll size */
scroll_size?: number;
/** Frequency */
frequency?: Duration;
/** Query delay */
query_delay?: Duration;
/** Runtime mappings */
runtime_mappings?: MappingRuntimeFields;
/** Script fields */
script_fields?: Record<string, ScriptField>;
/** Max empty searches */
max_empty_searches?: number;
/** Chunking configuration */
chunking_config?: MlChunkingConfig;
/** Delayed data check configuration */
delayed_data_check_config?: MlDelayedDataCheckConfig;
}): Promise<TransportResult<MlPutDatafeedResponse, unknown>>;
/**
* Start datafeed
* @param params - Datafeed start parameters
* @returns Promise with start result
*/
function startDatafeed(params: {
/** Datafeed identifier */
datafeed_id: Id;
/** Start time */
start?: Timestamp;
/** End time */
end?: Timestamp;
/** Request timeout */
timeout?: Duration;
}): Promise<TransportResult<MlStartDatafeedResponse, unknown>>;Usage Examples:
// Create datafeed for real-time analysis
await client.ml.putDatafeed({
datafeed_id: "website-traffic-datafeed",
job_id: "website-traffic-anomaly",
indices: ["web-logs-*"],
query: {
bool: {
filter: [
{ range: { "@timestamp": { gte: "now-1h" } } },
{ term: { "log_type": "access" } }
]
}
},
frequency: "1m",
query_delay: "30s",
scroll_size: 1000
});
// Start the datafeed
await client.ml.startDatafeed({
datafeed_id: "website-traffic-datafeed",
start: "now"
});Perform inference using trained models.
/**
* Perform model inference
* @param params - Inference parameters
* @returns Promise with inference results
*/
function inferTrainedModel(params: {
/** Model identifier */
model_id: Id;
/** Input documents */
docs: Record<string, any>[];
/** Request timeout */
timeout?: Duration;
}): Promise<TransportResult<MlInferTrainedModelResponse, unknown>>;
interface MlInferTrainedModelResponse {
inference_results: MlInferenceResult[];
}
interface MlInferenceResult {
predicted_value?: any;
prediction_probability?: number;
prediction_score?: number;
feature_importance?: MlFeatureImportance[];
top_classes?: MlTopClassEntry[];
warning?: string;
}Usage Examples:
// Perform text classification inference
const result = await client.ml.inferTrainedModel({
model_id: "sentiment-analysis-model",
docs: [
{ text: "This product is amazing!" },
{ text: "I'm not satisfied with the service" },
{ text: "The delivery was on time" }
]
});
result.body.inference_results.forEach((inference, index) => {
console.log(`Document ${index}: ${inference.predicted_value} (confidence: ${inference.prediction_probability})`);
});Manage job lifecycle and monitoring.
/**
* Get anomaly detection jobs
* @param params - Job retrieval parameters
* @returns Promise with job information
*/
function getJobs(params?: {
/** Job ID or pattern */
job_id?: Id;
/** Allow no jobs */
allow_no_jobs?: boolean;
/** Allow no match */
allow_no_match?: boolean;
/** Exclude generated */
exclude_generated?: boolean;
}): Promise<TransportResult<MlGetJobsResponse, unknown>>;
/**
* Open anomaly detection job
* @param params - Job open parameters
* @returns Promise with open result
*/
function openJob(params: {
/** Job identifier */
job_id: Id;
/** Request timeout */
timeout?: Duration;
}): Promise<TransportResult<MlOpenJobResponse, unknown>>;
/**
* Close anomaly detection job
* @param params - Job close parameters
* @returns Promise with close result
*/
function closeJob(params: {
/** Job identifier */
job_id: Id;
/** Allow no jobs */
allow_no_jobs?: boolean;
/** Force close */
force?: boolean;
/** Request timeout */
timeout?: Duration;
}): Promise<TransportResult<MlCloseJobResponse, unknown>>;
/**
* Delete anomaly detection job
* @param params - Job deletion parameters
* @returns Promise with deletion result
*/
function deleteJob(params: {
/** Job identifier */
job_id: Id;
/** Force delete */
force?: boolean;
/** Wait for completion */
wait_for_completion?: boolean;
}): Promise<TransportResult<MlDeleteJobResponse, unknown>>;Usage Examples:
// Open job for processing
await client.ml.openJob({
job_id: "website-traffic-anomaly"
});
// Get job statistics
const stats = await client.ml.getJobStats({
job_id: "website-traffic-anomaly"
});
// Close job when done
await client.ml.closeJob({
job_id: "website-traffic-anomaly"
});type Id = string;
type IndexName = string;
type Indices = string | string[];
type Field = string;
type Duration = string;
type Timestamp = string | number;
interface HttpHeaders {
[key: string]: string | string[];
}
interface QueryDslQueryContainer {
bool?: any;
term?: any;
range?: any;
match?: any;
// ... other query types
}
interface AggregationsAggregationContainer {
avg?: any;
sum?: any;
terms?: any;
date_histogram?: any;
// ... other aggregation types
}
interface ScriptField {
script: {
source: string;
lang?: string;
params?: Record<string, any>;
};
}
interface MappingRuntimeFields {
[field: string]: MappingRuntimeField;
}
interface SearchSourceConfig {
includes?: string[];
excludes?: string[];
}