[ML] Explain Log Rate Spikes: Fix frequent_items agg config. (#140814)
- Tweaks the `frequent_items` agg config. `should_minimum_match:2` for the terms should clause improves getting back groups of results. `minimum_set_size:2` will avoid single item frequent sets.
- Passes on a possible filter bar query to the `frequent_items` agg.
walterra authored Sep 15, 2022
1 parent 3224b5d commit 2c2c0c0
Showing 3 changed files with 8 additions and 2 deletions.
3 changes: 3 additions & 0 deletions x-pack/plugins/aiops/server/routes/explain_log_rate_spikes.ts
@@ -7,6 +7,8 @@

import { chunk } from 'lodash';

import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';

import { i18n } from '@kbn/i18n';
import { asyncForEach } from '@kbn/std';
import type { IRouter } from '@kbn/core/server';
@@ -212,6 +214,7 @@ export const defineExplainLogRateSpikesRoute = (
const { fields, df } = await fetchFrequentItems(
client,
request.body.index,
JSON.parse(request.body.searchQuery) as estypes.QueryDslQueryContainer,
changePoints,
request.body.timeFieldName,
request.body.deviationMin,
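Review bot: The added argument `JSON.parse(request.body.searchQuery) as estypes.QueryDslQueryContainer` takes a client-supplied string, and the `as` cast is erased at compile time, so nothing checks that the parsed value is a query object before `fetchFrequentItems` places it in `bool.filter`. Malformed JSON throws a `SyntaxError` at this call; whether the enclosing handler catches it and answers with a client error is not visible, because the handler starts and ends outside this hunk. I would parse once at the route boundary with `const parsed: unknown = JSON.parse(request.body.searchQuery);` and reject the request when `parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)` before passing it on. The same unchecked cast is in `getQueryWithParams` in the third file of this commit, so the string is parsed on two separate paths; sharing one validated value would keep both queries consistent.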
@@ -25,6 +25,7 @@ function dropDuplicates(cp: ChangePoint[], uniqueFields: string[]) {
export async function fetchFrequentItems(
client: ElasticsearchClient,
index: string,
searchQuery: estypes.QueryDslQueryContainer,
changePoints: ChangePoint[],
timeFieldName: string,
deviationMin: number,
@@ -45,7 +46,9 @@ export async function fetchFrequentItems(
// TODO add query params
const query = {
bool: {
minimum_should_match: 2,
filter: [
searchQuery,
{
range: {
[timeFieldName]: {
@@ -83,6 +86,7 @@ export async function fetchFrequentItems(
fi: {
// @ts-expect-error `frequent_items` is not yet part of `AggregationsAggregationContainer`
frequent_items: {
minimum_set_size: 2,
size: 200,
minimum_support: 0.1,
fields: aggFields,
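Review bot: `searchQuery` becomes the first entry of `filter` with no comment on where it comes from, and the `// TODO add query params` line above `const query` looks stale now that the parameter is wired in. I would replace the TODO with `// searchQuery is the caller-supplied filter; callers must validate it as a query object before passing it in`, so the trust boundary is stated where the query is assembled. Separately, `minimum_should_match: 2` is hard-coded; the `should` array is built outside the visible hunks, so it is worth confirming what the query returns when only one change point is passed, and either returning early or documenting that callers supply at least two. The function body starts and ends outside these hunks.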
@@ -7,7 +7,6 @@

import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';

import type { Query } from '@kbn/es-query';
import type { FieldValuePair } from '@kbn/ml-agg-utils';

import type { AiopsExplainLogRateSpikesSchema } from '../../../common/api/explain_log_rate_spikes';
@@ -23,7 +22,7 @@ interface QueryParams {
termFilters?: FieldValuePair[];
}
export const getQueryWithParams = ({ params, termFilters }: QueryParams) => {
const searchQuery = JSON.parse(params.searchQuery) as Query['query'];
const searchQuery = JSON.parse(params.searchQuery) as estypes.QueryDslQueryContainer;
return {
bool: {
filter: [