Search Anomaly Results tool

Introduced 2.13

The SearchAnomalyResultsTool retrieves information about anomaly detector results. For more information about anomaly detectors, see Anomaly detection.

Step 1: Register a flow agent that will run the SearchAnomalyResultsTool

A flow agent runs a sequence of tools in order and returns the last tool’s output. To create a flow agent, send the following register agent request:

    POST /_plugins/_ml/agents/_register
    {
      "name": "Test_Agent_For_Search_Anomaly_Results_Tool",
      "type": "flow",
      "description": "this is a test agent for the SearchAnomalyResultsTool",
      "memory": {
        "type": "demo"
      },
      "tools": [
        {
          "type": "SearchAnomalyResultsTool",
          "name": "DemoSearchAnomalyResultsTool",
          "parameters": {}
        }
      ]
    }

For parameter descriptions, see Register parameters.

OpenSearch responds with an agent ID:

    {
      "agent_id": "HuJZYo0B9RaBCvhuUlpy"
    }

Step 2: Run the agent

Run the agent by sending the following request:

    POST /_plugins/_ml/agents/HuJZYo0B9RaBCvhuUlpy/_execute
    {
      "parameters": {
        "question": "Do I have any anomalies?"
      }
    }

OpenSearch responds with a list of individual anomaly detectors set up on your cluster (where each result contains the detector ID, the anomaly grade, and the confidence level) and the total number of anomaly results found:

    {
      "inference_results": [
        {
          "output": [
            {
              "name": "response",
              "result": "AnomalyResults=[{detectorId=ef9lYo0Bk4MTqircmjnm,grade=1.0,confidence=0.9403051246569198}{detectorId=E-JlYo0B9RaBCvhunFtw,grade=1.0,confidence=0.9163498216870274}]TotalAnomalyResults=2"
            }
          ]
        }
      ]
    }

If no anomalies are found, OpenSearch responds with an empty array in the results:

    {
      "inference_results": [
        {
          "output": [
            {
              "name": "response",
              "result": "AnomalyResults=[]TotalAnomalyResults=0"
            }
          ]
        }
      ]
    }
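
The result field in both responses above is a flat string rather than JSON, so a script that consumes the agent output has to parse it before it can apply thresholds. The following Python is an added example, not part of the OpenSearch documentation or plugin code; the function names and threshold values are assumptions, and the sample bodies are constructed from the two result strings shown above.

```python
import json
import re

# Shape of the tool's "result" string as shown in the two responses above.
_RESULT = re.compile(r"^AnomalyResults=\[(.*)\]TotalAnomalyResults=(\d+)$", re.S)
_ENTRY = re.compile(r"\{([^{}]*)\}")


def parse_anomaly_results(response_body):
    """Return (results, total) parsed from an agent _execute response body."""
    doc = json.loads(response_body)
    outputs = [o for r in doc["inference_results"] for o in r["output"]]
    text = next(o["result"] for o in outputs if o["name"] == "response")
    match = _RESULT.match(text)
    if match is None:
        # Fail closed: an unparsed result must not be read as "no anomalies".
        raise ValueError("unexpected SearchAnomalyResultsTool result format")
    results = []
    for entry in _ENTRY.findall(match.group(1)):
        fields = dict(pair.split("=", 1) for pair in entry.split(","))
        results.append({
            "detectorId": fields["detectorId"],
            "grade": float(fields["grade"]),
            "confidence": float(fields["confidence"]),
        })
    # total is the count the tool reports; the list is capped by the size parameter.
    return results, int(match.group(2))


def needs_triage(results, min_grade, min_confidence):
    """Hypothetical helper: keep results at or above both thresholds."""
    return [r for r in results if r["grade"] >= min_grade and r["confidence"] >= min_confidence]


def wrap_result(result):
    return json.dumps(
        {"inference_results": [{"output": [{"name": "response", "result": result}]}]})


# Constructed sample bodies using the result strings from the two responses above.
SAMPLE_FOUND = wrap_result(
    "AnomalyResults=[{detectorId=ef9lYo0Bk4MTqircmjnm,grade=1.0,"
    "confidence=0.9403051246569198}{detectorId=E-JlYo0B9RaBCvhunFtw,grade=1.0,"
    "confidence=0.9163498216870274}]TotalAnomalyResults=2")
SAMPLE_EMPTY = wrap_result("AnomalyResults=[]TotalAnomalyResults=0")

if __name__ == "__main__":
    found, total = parse_anomaly_results(SAMPLE_FOUND)
    print(total, needs_triage(found, 0.7, 0.93))
```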

Register parameters

The following table lists all tool parameters that are available when registering an agent. All parameters are optional.

| Parameter | Type | Description |
| --- | --- | --- |
| detectorId | String | The ID of the detector from which to return results. |
| realTime | Boolean | Whether to return real-time anomaly detector results. Set this parameter to false to return only historical analysis results. |
| anomalyGradeThreshold | Float | The minimum anomaly grade for the returned anomaly detector results. Anomaly grade is a number between 0 and 1 that indicates how anomalous a data point is. |
| dataStartTime | Long | The earliest time for which to return anomaly detector results, in epoch milliseconds. |
| dataEndTime | Long | The latest time for which to return anomaly detector results, in epoch milliseconds. |
| sortOrder | String | The sort order for the results. Valid values are asc (ascending) and desc (descending). Default is desc. |
| sortString | String | Specifies the detector field by which to sort the results. Default is data_start_time. |
| size | Integer | The number of results to return. Default is 20. |
| startIndex | Integer | The paginated index of the result to start from. Default is 0. |

Execute parameters

The following table lists all tool parameters that are available when running the agent.

| Parameter | Type | Required/Optional | Description |
| --- | --- | --- | --- |
| question | String | Required | The natural language question to send to the LLM. |