diff --git a/x-pack/packages/ml/aiops_log_rate_analysis/queries/fetch_significant_term_p_values.ts b/x-pack/packages/ml/aiops_log_rate_analysis/queries/fetch_significant_term_p_values.ts index 9cd7bd3a3acb8..98dbd11398174 100644 --- a/x-pack/packages/ml/aiops_log_rate_analysis/queries/fetch_significant_term_p_values.ts +++ b/x-pack/packages/ml/aiops_log_rate_analysis/queries/fetch_significant_term_p_values.ts @@ -56,8 +56,18 @@ export const getSignificantTermRequest = ( ]; } - const pValueAgg: Record<'change_point_p_value', estypes.AggregationsAggregationContainer> = { - change_point_p_value: { + const pValueAgg: Record< + 'sig_term_p_value' | 'distinct_count', + estypes.AggregationsAggregationContainer + > = { + // Used to identify fields with only one distinct value which we'll ignore in the analysis. + distinct_count: { + cardinality: { + field: fieldName, + }, + }, + // Used to calculate the p-value for terms of the field. + sig_term_p_value: { significant_terms: { field: fieldName, background_filter: { @@ -158,13 +168,26 @@ export const fetchSignificantTermPValues = async ( } const overallResult = ( - randomSamplerWrapper.unwrap(resp.aggregations) as Record<'change_point_p_value', Aggs> - ).change_point_p_value; + randomSamplerWrapper.unwrap(resp.aggregations) as Record<'sig_term_p_value', Aggs> + ).sig_term_p_value; + + const distinctCount = ( + randomSamplerWrapper.unwrap(resp.aggregations) as Record< + 'distinct_count', + estypes.AggregationsCardinalityAggregate + > + ).distinct_count.value; for (const bucket of overallResult.buckets) { const pValue = Math.exp(-bucket.score); - if (typeof pValue === 'number' && pValue < LOG_RATE_ANALYSIS_SETTINGS.P_VALUE_THRESHOLD) { + if ( + typeof pValue === 'number' && + // Skip items where the p-value is not significant. + pValue < LOG_RATE_ANALYSIS_SETTINGS.P_VALUE_THRESHOLD && + // Skip items where the field has only one distinct value. + distinctCount > 1 + ) { result.push({ key: `${fieldName}:${String(bucket.key)}`, type: SIGNIFICANT_ITEM_TYPE.KEYWORD,