From 2c2c0c0d617a109d78ff9b92937c89f56579c0f4 Mon Sep 17 00:00:00 2001
From: Walter Rafelsberger
Date: Thu, 15 Sep 2022 18:43:28 +0200
Subject: [PATCH] [ML] Explain Log Rate Spikes: Fix frequent_items agg config. (#140814)
- Tweaks the `frequent_items` agg config. `should_minimum_match:2` for the terms should clause improves getting back groups of results. `minimum_set_size:2` will avoid single item frequent sets.
- Passes on a possible filter bar query to the `frequent_items` agg.
---
 x-pack/plugins/aiops/server/routes/explain_log_rate_spikes.ts | 3 +++
 .../aiops/server/routes/queries/fetch_frequent_items.ts | 4 ++++
 .../aiops/server/routes/queries/get_query_with_params.ts | 3 +--
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/x-pack/plugins/aiops/server/routes/explain_log_rate_spikes.ts b/x-pack/plugins/aiops/server/routes/explain_log_rate_spikes.ts
index 83bcac0bfa70e..f0fadf9476e74 100644
--- a/x-pack/plugins/aiops/server/routes/explain_log_rate_spikes.ts
+++ b/x-pack/plugins/aiops/server/routes/explain_log_rate_spikes.ts
@@ -7,6 +7,8 @@ import { chunk } from 'lodash';
+import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
+
 import { i18n } from '@kbn/i18n';
 import { asyncForEach } from '@kbn/std';
 import type { IRouter } from '@kbn/core/server';
@@ -212,6 +214,7 @@ export const defineExplainLogRateSpikesRoute = (
 const { fields, df } = await fetchFrequentItems(
 client,
 request.body.index,
+ JSON.parse(request.body.searchQuery) as estypes.QueryDslQueryContainer,
 changePoints,
 request.body.timeFieldName,
 request.body.deviationMin,
diff --git a/x-pack/plugins/aiops/server/routes/queries/fetch_frequent_items.ts b/x-pack/plugins/aiops/server/routes/queries/fetch_frequent_items.ts
index fc834e2951db7..02d20ba18795c 100644
--- a/x-pack/plugins/aiops/server/routes/queries/fetch_frequent_items.ts
+++ b/x-pack/plugins/aiops/server/routes/queries/fetch_frequent_items.ts
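Review bot: In the `@@ -212,6 +214,7 @@` hunk, `JSON.parse(request.body.searchQuery) as estypes.QueryDslQueryContainer` hands a client-supplied string to the query builder with only a compile-time cast: malformed JSON throws at the call site, and `null`, an array or a scalar passes the cast and is placed in the `filter` array in fetch_frequent_items.ts. The same parse-and-cast sits in `getQueryWithParams` in get_query_with_params.ts, so one shared helper that parses to `unknown`, checks for a plain object and fails with a client error would cover both call sites. Because the parsed clause is sent to Elasticsearch as-is, it is also worth confirming that `client` is scoped to the requesting user; its construction is outside the hunk. The enclosing route handler starts and ends outside the hunk, so an existing try/catch around this call cannot be ruled out.

```typescript
// Parse the filter bar query once and reject anything that is not a JSON object.
function parseSearchQuery(raw: string): estypes.QueryDslQueryContainer {
  const parsed: unknown = JSON.parse(raw); // a SyntaxError here should surface as a client error
  if (parsed === null || typeof parsed !== 'object' || Array.isArray(parsed)) {
    throw new Error('searchQuery must be a JSON object');
  }
  return parsed as estypes.QueryDslQueryContainer;
}

// … unchanged: fetchFrequentItems( client, request.body.index, …
  parseSearchQuery(request.body.searchQuery),
// … unchanged: changePoints, request.body.timeFieldName, request.body.deviationMin, …
```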
@@ -25,6 +25,7 @@ function dropDuplicates(cp: ChangePoint[], uniqueFields: string[]) {
 export async function fetchFrequentItems(
 client: ElasticsearchClient,
 index: string,
+ searchQuery: estypes.QueryDslQueryContainer,
 changePoints: ChangePoint[],
 timeFieldName: string,
 deviationMin: number,
@@ -45,7 +46,9 @@ export async function fetchFrequentItems(
 // TODO add query params
 const query = {
 bool: {
+ minimum_should_match: 2,
 filter: [
+ searchQuery,
 {
 range: {
 [timeFieldName]: {
@@ -83,6 +86,7 @@ export async function fetchFrequentItems(
 fi: {
 // @ts-expect-error `frequent_items` is not yet part of `AggregationsAggregationContainer`
 frequent_items: {
+ minimum_set_size: 2,
 size: 200,
 minimum_support: 0.1,
 fields: aggFields,
diff --git a/x-pack/plugins/aiops/server/routes/queries/get_query_with_params.ts b/x-pack/plugins/aiops/server/routes/queries/get_query_with_params.ts
index 9e0b82b341d1d..706d2b6aa5c75 100644
--- a/x-pack/plugins/aiops/server/routes/queries/get_query_with_params.ts
+++ b/x-pack/plugins/aiops/server/routes/queries/get_query_with_params.ts
@@ -7,7 +7,6 @@ import type * as estypes from '@elastic/elasticsearch/lib/api/typesWithBodyKey';
-import type { Query } from '@kbn/es-query';
 import type { FieldValuePair } from '@kbn/ml-agg-utils';
 import type { AiopsExplainLogRateSpikesSchema } from '../../../common/api/explain_log_rate_spikes';
@@ -23,7 +22,7 @@ interface QueryParams {
 termFilters?: FieldValuePair[];
 }
 export const getQueryWithParams = ({ params, termFilters }: QueryParams) => {
- const searchQuery = JSON.parse(params.searchQuery) as Query['query'];
+ const searchQuery = JSON.parse(params.searchQuery) as estypes.QueryDslQueryContainer;
 return {
 bool: {
 filter: [
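Review bot: `minimum_should_match: 2` in the `@@ -45,7 +46,9 @@` hunk is a fixed count, and the `should` array it applies to is built outside the hunk; if that array can ever hold fewer than two clauses, the bool query may match no documents and the aggregation would come back empty without any error. Consider skipping the request in that case or deriving the value from the clause count, and add a why-comment such as `// require two matching terms so only co-occurring field/value pairs are sampled`. The `// TODO add query params` line just above looks stale now that `searchQuery` is added to `filter`, and should be dropped or reworded. The commit message calls the setting `should_minimum_match`, while the code uses `minimum_should_match`.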