[Backport 2.x] Add CreateAnomalyDetectorTool (#355)

* Add CreateAnomalyDetectorTool (#348) * Add CreateAnomalyDetectorTool Signed-off-by: gaobinlong <[email protected]> * Optimize some code Signed-off-by: gaobinlong <[email protected]> * Fix test failure Signed-off-by: gaobinlong <[email protected]> * Optimize exception Signed-off-by: gaobinlong <[email protected]> --------- Signed-off-by: gaobinlong <[email protected]> (cherry picked from commit 63be179) * Fix test failure Signed-off-by: gaobinlong <[email protected]> * Fix warning Signed-off-by: gaobinlong <[email protected]> * Fix comment format Signed-off-by: gaobinlong <[email protected]> --------- Signed-off-by: gaobinlong <[email protected]>
opensearch-project · Jul 18, 2024 · d5af2e1 · d5af2e1
1 parent 32382ab
commit d5af2e1
Show file tree

Hide file tree

Showing 8 changed files with 1,142 additions and 24 deletions.
diff --git a/src/main/java/org/opensearch/agent/ToolPlugin.java b/src/main/java/org/opensearch/agent/ToolPlugin.java
@@ -11,6 +11,7 @@
 import java.util.function.Supplier;
 
 import org.opensearch.agent.common.SkillSettings;
+import org.opensearch.agent.tools.CreateAnomalyDetectorTool;
 import org.opensearch.agent.tools.NeuralSparseSearchTool;
 import org.opensearch.agent.tools.PPLTool;
 import org.opensearch.agent.tools.RAGTool;
@@ -73,6 +74,7 @@ public Collection<Object> createComponents(
         SearchAnomalyDetectorsTool.Factory.getInstance().init(client, namedWriteableRegistry);
         SearchAnomalyResultsTool.Factory.getInstance().init(client, namedWriteableRegistry);
         SearchMonitorsTool.Factory.getInstance().init(client);
+        CreateAnomalyDetectorTool.Factory.getInstance().init(client);
         return Collections.emptyList();
     }
 
@@ -87,7 +89,8 @@ public List<Tool.Factory<? extends Tool>> getToolFactories() {
                 SearchAlertsTool.Factory.getInstance(),
                 SearchAnomalyDetectorsTool.Factory.getInstance(),
                 SearchAnomalyResultsTool.Factory.getInstance(),
-                SearchMonitorsTool.Factory.getInstance()
+                SearchMonitorsTool.Factory.getInstance(),
+                CreateAnomalyDetectorTool.Factory.getInstance()
             );
     }
 

diff --git a/src/main/java/org/opensearch/agent/tools/CreateAnomalyDetectorTool.java b/src/main/java/org/opensearch/agent/tools/CreateAnomalyDetectorTool.java
diff --git a/src/main/java/org/opensearch/agent/tools/PPLTool.java b/src/main/java/org/opensearch/agent/tools/PPLTool.java
@@ -33,6 +33,7 @@
 import org.opensearch.action.search.SearchRequest;
 import org.opensearch.agent.common.SkillSettings;
 import org.opensearch.agent.tools.utils.ClusterSettingHelper;
+import org.opensearch.agent.tools.utils.ToolHelper;
 import org.opensearch.client.Client;
 import org.opensearch.cluster.metadata.MappingMetadata;
 import org.opensearch.core.action.ActionListener;
@@ -396,7 +397,7 @@ private String constructTableInfo(SearchHit[] searchHits, Map<String, MappingMet
             );
         }
         Map<String, String> fieldsToType = new HashMap<>();
-        extractNamesTypes(mappingSource, fieldsToType, "");
+        ToolHelper.extractFieldNamesTypes(mappingSource, fieldsToType, "");
         StringJoiner tableInfoJoiner = new StringJoiner("\n");
         List<String> sortedKeys = new ArrayList<>(fieldsToType.keySet());
         Collections.sort(sortedKeys);
@@ -434,28 +435,6 @@ private String constructPrompt(String tableInfo, String question, String indexNa
         return substitutor.replace(contextPrompt);
     }
 
-    private void extractNamesTypes(Map<String, Object> mappingSource, Map<String, String> fieldsToType, String prefix) {
-        if (!prefix.isEmpty()) {
-            prefix += ".";
-        }
-
-        for (Map.Entry<String, Object> entry : mappingSource.entrySet()) {
-            String n = entry.getKey();
-            Object v = entry.getValue();
-
-            if (v instanceof Map) {
-                Map<String, Object> vMap = (Map<String, Object>) v;
-                if (vMap.containsKey("type")) {
-                    if (!((vMap.getOrDefault("type", "")).equals("alias"))) {
-                        fieldsToType.put(prefix + n, (String) vMap.get("type"));
-                    }
-                } else if (vMap.containsKey("properties")) {
-                    extractNamesTypes((Map<String, Object>) vMap.get("properties"), fieldsToType, prefix + n);
-                }
-            }
-        }
-    }
-
     private static void extractSamples(Map<String, Object> sampleSource, Map<String, String> fieldsToSample, String prefix)
         throws PrivilegedActionException {
         if (!prefix.isEmpty()) {

diff --git a/src/main/java/org/opensearch/agent/tools/utils/ToolHelper.java b/src/main/java/org/opensearch/agent/tools/utils/ToolHelper.java
@@ -0,0 +1,42 @@
+/*
+ * Copyright OpenSearch Contributors
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+package org.opensearch.agent.tools.utils;
+
+import java.util.Map;
+
+public class ToolHelper {
+    /**
+     * Flatten all the fields in the mappings, insert the field to fieldType mapping to a map
+     * @param mappingSource the mappings of an index
+     * @param fieldsToType the result containing the field to fieldType mapping
+     * @param prefix the parent field path
+     */
+    public static void extractFieldNamesTypes(Map<String, Object> mappingSource, Map<String, String> fieldsToType, String prefix) {
+        if (prefix.length() > 0) {
+            prefix += ".";
+        }
+
+        for (Map.Entry<String, Object> entry : mappingSource.entrySet()) {
+            String n = entry.getKey();
+            Object v = entry.getValue();
+
+            if (v instanceof Map) {
+                Map<String, Object> vMap = (Map<String, Object>) v;
+                if (vMap.containsKey("type")) {
+                    if (!((vMap.getOrDefault("type", "")).equals("alias"))) {
+                        fieldsToType.put(prefix + n, (String) vMap.get("type"));
+                    }
+                }
+                if (vMap.containsKey("properties")) {
+                    extractFieldNamesTypes((Map<String, Object>) vMap.get("properties"), fieldsToType, prefix + n);
+                }
+                if (vMap.containsKey("fields")) {
+                    extractFieldNamesTypes((Map<String, Object>) vMap.get("fields"), fieldsToType, prefix + n);
+                }
+            }
+        }
+    }
+}
diff --git a/src/main/resources/org/opensearch/agent/tools/CreateAnomalyDetectorDefaultPrompt.json b/src/main/resources/org/opensearch/agent/tools/CreateAnomalyDetectorDefaultPrompt.json
@@ -0,0 +1,4 @@
+{
+  "CLAUDE": "Human:\" turn\": Here is an example of the create anomaly detector API: POST _plugins/_anomaly_detection/detectors, {\"time_field\":\"timestamp\",\"indices\":[\"server_log*\"],\"feature_attributes\":[{\"feature_name\":\"test\",\"feature_enabled\":true,\"aggregation_query\":{\"test\":{\"sum\":{\"field\":\"value\"}}}}],\"category_field\":[\"ip\"]}, and here are the mapping info containing all the fields in the index ${indexInfo.indexName}: ${indexInfo.indexMapping}, and the optional aggregation methods are count, avg, min, max and sum. Please give me some suggestion about creating an anomaly detector for the index ${indexInfo.indexName}, you need to give the key information: the top 3 suitable aggregation fields which are numeric types and the suitable aggregation method for each field, if there are no numeric type fields, both the aggregation field and method are empty string,  and also give the category field if there exists a keyword type field like ip, address, host, city, country or region, if not exist, the category field is empty. Show me a format of keyed and pipe-delimited list wrapped in a curly bracket just like {category_field=the category field if exists|aggregation_field=comma-delimited list of all the aggregation field names|aggregation_method=comma-delimited list of all the aggregation methods}. \n\nAssistant:\" turn\"",
+  "OPENAI": "Here is an example of the create anomaly detector API: POST _plugins/_anomaly_detection/detectors, {\"time_field\":\"timestamp\",\"indices\":[\"server_log*\"],\"feature_attributes\":[{\"feature_name\":\"test\",\"feature_enabled\":true,\"aggregation_query\":{\"test\":{\"sum\":{\"field\":\"value\"}}}}],\"category_field\":[\"ip\"]}, and here are the mapping info containing all the fields in the index ${indexInfo.indexName}: ${indexInfo.indexMapping}, and the optional aggregation methods are count, avg, min, max and sum. Please give me some suggestion about creating an anomaly detector for the index ${indexInfo.indexName}, you need to give the key information: the top 3 suitable aggregation fields which are numeric types and the suitable aggregation method for each field, if there are no numeric type fields, both the aggregation field and method are empty string,  and also give the category field if there exists a keyword type field like ip, address, host, city, country or region, if not exist, the category field is empty. Show me a format of keyed and pipe-delimited list wrapped in a curly bracket just like {category_field=the category field if exists|aggregation_field=comma-delimited list of all the aggregation field names|aggregation_method=comma-delimited list of all the aggregation methods}. "
+}