From b0a275dee6a8bca9fbe7d511bd4f8847352fdf10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Istv=C3=A1n=20Zolt=C3=A1n=20Szab=C3=B3?= Date: Wed, 5 Apr 2023 15:43:16 +0200 Subject: [PATCH] [DOCS] Adds tip to change point agg docs. (#94981) --- .../change-point-aggregation.asciidoc | 32 ++++++++++++------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/docs/reference/aggregations/pipeline/change-point-aggregation.asciidoc b/docs/reference/aggregations/pipeline/change-point-aggregation.asciidoc index 73ae6c7683306..73763f1b4ec17 100644 --- a/docs/reference/aggregations/pipeline/change-point-aggregation.asciidoc +++ b/docs/reference/aggregations/pipeline/change-point-aggregation.asciidoc @@ -7,9 +7,14 @@ experimental::[] -A sibling pipeline that detects, spikes, dips, and change points in a metric. Given a distribution of values -provided by the sibling multi-bucket aggregation, this aggregation indicates the bucket of any spike or dip -and/or the bucket at which the largest change in the distribution of values, if they are statistically significant. +A sibling pipeline that detects, spikes, dips, and change points in a metric. +Given a distribution of values provided by the sibling multi-bucket aggregation, +this aggregation indicates the bucket of any spike or dip and/or the bucket at +which the largest change in the distribution of values, if they are +statistically significant. + +TIP: It is recommended to use the change point aggregation to detect changes in +time-based data, however, you can use any metric to create buckets. @@ -18,8 +23,8 @@ and/or the bucket at which the largest change in the distribution of values, if `buckets_path`:: (Required, string) -Path to the buckets that contain one set of values in which to detect a change point. There must be at least 22 bucketed -values. Fewer than 1,000 is preferred. +Path to the buckets that contain one set of values in which to detect a change +point. There must be at least 22 bucketed values. Fewer than 1,000 is preferred. For syntax, see <>. ==== Syntax @@ -42,8 +47,9 @@ A `change_point` aggregation looks like this in isolation: `bucket`:: (Optional, object) -Values of the bucket that indicates the discovered change point. Not returned if no change point was found. -All the aggregations in the bucket are returned as well. +Values of the bucket that indicates the discovered change point. Not returned if +no change point was found. All the aggregations in the bucket are returned as +well. + .Properties of bucket [%collapsible%open] @@ -63,11 +69,14 @@ The found change point type and its related values. Possible types: + -- * `dip`: a significant dip occurs at this change point -* `distribution_change`: the overall distribution of the values has changed significantly -* `non_stationary`: there is no change point, but the values are not from a stationary distribution +* `distribution_change`: the overall distribution of the values has changed +significantly +* `non_stationary`: there is no change point, but the values are not from a +stationary distribution * `spike`: a significant spike occurs at this point * `stationary`: no change point found -* `step_change`: the change indicates a statistically significant step up or down in value distribution +* `step_change`: the change indicates a statistically significant step up or +down in value distribution * `trend_change`: there is an overall trend change occurring at this point -- @@ -138,5 +147,6 @@ The request returns a response that is similar to the following: <2> The number of documents in that bucket. <3> Aggregated values in the bucket. <4> Type of change found. -<5> The `p_value` indicates how extreme the change is; lower values indicate greater change. +<5> The `p_value` indicates how extreme the change is; lower values indicate +greater change. <6> The specific bucket where the change occurs (indexing starts at `0`).