Link Search Menu Expand Document Documentation Menu

Search Anomaly Detectors tool

Introduced 2.12

This is an experimental feature and is not recommended for use in a production environment. For updates on the progress of the feature or if you want to leave feedback, see the associated GitHub issue.

The SearchAnomalyDetectorsTool retrieves information about anomaly detectors set up on your cluster. For more information about anomaly detectors, see Anomaly detection.

Step 1: Register a flow agent that will run the SearchAnomalyDetectorsTool

A flow agent runs a sequence of tools in order and returns the last tool’s output. To create a flow agent, send the following register agent request:

POST /_plugins/_ml/agents/_register
{
  "name": "Test_Agent_For_Search_Anomaly_Detectors_Tool",
  "type": "flow",
  "description": "this is a test agent for the SearchAnomalyDetectorsTool",
  "memory": {
    "type": "demo"
  },
  "tools": [
      {
      "type": "SearchAnomalyDetectorsTool",
      "name": "DemoSearchAnomalyDetectorsTool",
      "parameters": {}
    }
  ]
}

For parameter descriptions, see Register parameters.

OpenSearch responds with an agent ID:

{
  "agent_id": "EuJYYo0B9RaBCvhuy1q8"
}

Step 2: Run the agent

Run the agent by sending the following request:

POST /_plugins/_ml/agents/EuJYYo0B9RaBCvhuy1q8/_execute
{
  "parameters": {
    "question": "Do I have any anomaly detectors?"
  }
}

OpenSearch responds with a list of anomaly detectors set up on your cluster and the total number of anomaly detectors:

{
  "inference_results": [
    {
      "output": [
        {
          "name": "response",
          "result": "AnomalyDetectors=[{id=y2M-Yo0B-yCFzT-N_XXU,name=sample-http-responses-detector,type=SINGLE_ENTITY,description=A sample detector to detect anomalies with HTTP response code logs.,index=[sample-http-responses],lastUpdateTime=1706750311891}]TotalAnomalyDetectors=1"
        }
      ]
    }
  ]
}

Register parameters

The following table lists all tool parameters that are available when registering an agent. All parameters are optional.

Parameter Type Description
detectorName String The name of the detector to search for.
detectorNamePattern String A wildcard query used to match the detector name to search for.
indices String The index name or index pattern of the indexes that the returned detectors are using as data sources.
highCardinality Boolean Whether to return information about high-cardinality detectors. Leave this parameter unset (or set it to null) to return information about both high-cardinality (multi-entity) and non-high-cardinality (single-entity) detectors. Set this parameter to true to only return information about high-cardinality detectors. Set this parameter to false to only return information about non-high-cardinality detectors.
lastUpdateTime Long Specifies the earliest last updated time of the detectors to return, in epoch milliseconds. Default is null.
sortOrder String The sort order for the results. Valid values are asc (ascending) and desc (descending). Default is desc.
sortString String Specifies the detector field by which to sort the results. Default is name.keyword.
size Integer The number of results to return. Default is 20.
startIndex Integer The paginated index of the detector to start from. Default is 0.
running Boolean Whether to return information about detectors that are currently running. Leave this parameter unset (or set it to null) to return both running and non-running detector information. Set this parameter to true to only return information about running detectors. Set this parameter to false to return only information about detectors that are not currently running. Default is null.
disabled Boolean Whether to return information about detectors that are currently disabled. Leave this parameter unset (or set it to null) to return information about both enabled and disabled detectors. Set this parameter to true to return only information about disabled detectors. Set this parameter to false to return only information about enabled detectors. Default is null.
failed Boolean Whether to return information about detectors that are currently failing. Leave this parameter unset (or set it to null) to return information about both failed and non-failed detectors. Set this parameter to true to return only information about failed detectors. Set this parameter to false to return only information about non-failed detectors. Default is null.

Execute parameters

The following table lists all tool parameters that are available when running the agent.

Parameter Type Required/Optional Description
question String Required The natural language question to send to the LLM.
350 characters left

Have a question? .

Want to contribute? or .