forked from opensearch-project/skills
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add CreateAnomalyDetectorTool (opensearch-project#348)
* Add CreateAnomalyDetectorTool Signed-off-by: gaobinlong <[email protected]> * Optimize some code Signed-off-by: gaobinlong <[email protected]> * Fix test failure Signed-off-by: gaobinlong <[email protected]> * Optimize exception Signed-off-by: gaobinlong <[email protected]> --------- Signed-off-by: gaobinlong <[email protected]> (cherry picked from commit 63be179)
- Loading branch information
1 parent
5340662
commit 08cc9f4
Showing
8 changed files
with
1,140 additions
and
25 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
451 changes: 451 additions & 0 deletions
451
src/main/java/org/opensearch/agent/tools/CreateAnomalyDetectorTool.java
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
42 changes: 42 additions & 0 deletions
42
src/main/java/org/opensearch/agent/tools/utils/ToolHelper.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
/* | ||
* Copyright OpenSearch Contributors | ||
* SPDX-License-Identifier: Apache-2.0 | ||
*/ | ||
|
||
package org.opensearch.agent.tools.utils; | ||
|
||
import java.util.Map; | ||
|
||
public class ToolHelper { | ||
/** | ||
* Flatten all the fields in the mappings, insert the field->field type mapping to a map | ||
* @param mappingSource the mappings of an index | ||
* @param fieldsToType the result containing the field->field type mapping | ||
* @param prefix the parent field path | ||
*/ | ||
public static void extractFieldNamesTypes(Map<String, Object> mappingSource, Map<String, String> fieldsToType, String prefix) { | ||
if (prefix.length() > 0) { | ||
prefix += "."; | ||
} | ||
|
||
for (Map.Entry<String, Object> entry : mappingSource.entrySet()) { | ||
String n = entry.getKey(); | ||
Object v = entry.getValue(); | ||
|
||
if (v instanceof Map) { | ||
Map<String, Object> vMap = (Map<String, Object>) v; | ||
if (vMap.containsKey("type")) { | ||
if (!((vMap.getOrDefault("type", "")).equals("alias"))) { | ||
fieldsToType.put(prefix + n, (String) vMap.get("type")); | ||
} | ||
} | ||
if (vMap.containsKey("properties")) { | ||
extractFieldNamesTypes((Map<String, Object>) vMap.get("properties"), fieldsToType, prefix + n); | ||
} | ||
if (vMap.containsKey("fields")) { | ||
extractFieldNamesTypes((Map<String, Object>) vMap.get("fields"), fieldsToType, prefix + n); | ||
} | ||
} | ||
} | ||
} | ||
} |
4 changes: 4 additions & 0 deletions
4
src/main/resources/org/opensearch/agent/tools/CreateAnomalyDetectorDefaultPrompt.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
{ | ||
"CLAUDE": "Human:\" turn\": Here is an example of the create anomaly detector API: POST _plugins/_anomaly_detection/detectors, {\"time_field\":\"timestamp\",\"indices\":[\"server_log*\"],\"feature_attributes\":[{\"feature_name\":\"test\",\"feature_enabled\":true,\"aggregation_query\":{\"test\":{\"sum\":{\"field\":\"value\"}}}}],\"category_field\":[\"ip\"]}, and here are the mapping info containing all the fields in the index ${indexInfo.indexName}: ${indexInfo.indexMapping}, and the optional aggregation methods are count, avg, min, max and sum. Please give me some suggestion about creating an anomaly detector for the index ${indexInfo.indexName}, you need to give the key information: the top 3 suitable aggregation fields which are numeric types and the suitable aggregation method for each field, if there are no numeric type fields, both the aggregation field and method are empty string, and also give the category field if there exists a keyword type field like ip, address, host, city, country or region, if not exist, the category field is empty. Show me a format of keyed and pipe-delimited list wrapped in a curly bracket just like {category_field=the category field if exists|aggregation_field=comma-delimited list of all the aggregation field names|aggregation_method=comma-delimited list of all the aggregation methods}. \n\nAssistant:\" turn\"", | ||
"OPENAI": "Here is an example of the create anomaly detector API: POST _plugins/_anomaly_detection/detectors, {\"time_field\":\"timestamp\",\"indices\":[\"server_log*\"],\"feature_attributes\":[{\"feature_name\":\"test\",\"feature_enabled\":true,\"aggregation_query\":{\"test\":{\"sum\":{\"field\":\"value\"}}}}],\"category_field\":[\"ip\"]}, and here are the mapping info containing all the fields in the index ${indexInfo.indexName}: ${indexInfo.indexMapping}, and the optional aggregation methods are count, avg, min, max and sum. Please give me some suggestion about creating an anomaly detector for the index ${indexInfo.indexName}, you need to give the key information: the top 3 suitable aggregation fields which are numeric types and the suitable aggregation method for each field, if there are no numeric type fields, both the aggregation field and method are empty string, and also give the category field if there exists a keyword type field like ip, address, host, city, country or region, if not exist, the category field is empty. Show me a format of keyed and pipe-delimited list wrapped in a curly bracket just like {category_field=the category field if exists|aggregation_field=comma-delimited list of all the aggregation field names|aggregation_method=comma-delimited list of all the aggregation methods}. " | ||
} |
Oops, something went wrong.