From 05f770a5f851b9f397e37df9172db62d1dcfa5f8 Mon Sep 17 00:00:00 2001 From: lcawl Date: Mon, 30 Mar 2020 10:02:24 -0700 Subject: [PATCH 1/2] [DOCS] Adds ML jobs for Elastic Uptime --- .../anomaly-detection/ootb-ml-jobs.asciidoc | 61 ++++++++++++++++--- 1 file changed, 52 insertions(+), 9 deletions(-) diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs.asciidoc index cd1145213..c7e3efe73 100644 --- a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs.asciidoc +++ b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs.asciidoc @@ -18,13 +18,15 @@ the {anomaly-jobs} that are ready to use via {kib}. [[ootb-ml-jobs-apache]] -=== Apache - +=== Apache {anomaly-detect} configurations +++++ +Apache +++++ // tag::apache-jobs[] These {anomaly-job} wizards appear in {kib} if you use {filebeat-ref}/index.html[{filebeat}] to ship access logs from your https://httpd.apache.org/[Apache] HTTP servers to {es} and store it using fields -and datatypes from the Elastic Common Schema (ECS). For more details, see the +and data types from the Elastic Common Schema (ECS). For more details, see the {dfeed} and job definitions in https://github.com/elastic/kibana/tree/{branch}/x-pack/plugins/ml/server/models/data_recognizer/modules/apache_ecs/ml[GitHub]. @@ -65,7 +67,11 @@ visitor_rate_ecs:: rates (using the <>). [[ootb-ml-jobs-apm]] -=== APM +=== APM {anomaly-detect} configurations +++++ +APM +++++ + These {anomaly-job} wizards appear in {kib} if you have data from APM Agents or an APM Server stored in {es}. For more details, see the {dfeed} and job definitions in the `apm_*` folders in @@ -127,7 +133,10 @@ high_mean_response_time:: [[ootb-ml-jobs-auditbeat]] -=== Auditbeat +=== {auditbeat} {anomaly-detect} configurations +++++ +{auditbeat} +++++ // tag::auditbeat-jobs[] These {anomaly-job} wizards appear in {kib} if you use @@ -171,7 +180,10 @@ hosts_rare_process_activity_ecs:: [[ootb-ml-jobs-logs-ui]] -=== Logs UI +=== Logs {anomaly-detect} configurations +++++ +Logs +++++ // tag::logs-jobs[] These {anomaly-jobs} appear by default in the @@ -198,7 +210,10 @@ log_entry_rate:: [[ootb-ml-jobs-metricbeat]] -=== Metricbeat +=== {metricbeat} {anomaly-detect} configurations +++++ +{metricbeat} +++++ // tag::metricbeat-jobs[] These {anomaly-job} wizards appear in {kib} if you use the @@ -235,7 +250,10 @@ metricbeat_outages_ecs:: [[ootb-ml-jobs-nginx]] -=== Nginx +=== Nginx {anomaly-detect} configurations +++++ +Nginx +++++ // tag::nginx-jobs[] These {anomaly-job} wizards appear in {kib} if you use {filebeat} to ship access @@ -284,7 +302,10 @@ visitor_rate_ecs:: [[ootb-ml-jobs-siem]] -=== SIEM +=== SIEM {anomaly-detect} configurations +++++ +SIEM +++++ These {anomaly-jobs} appear by default in the Anomaly Detection interface of the {siem-guide}/machine-learning.html[SIEM app] in {kib}. They help you @@ -853,3 +874,25 @@ Required {beats}::: NOTE: This job is available only when you use {winlogbeat} to ship data. // end::siem-jobs[] + +[[ootb-ml-jobs-uptime]] +=== Uptime {anomaly-detect} configurations +++++ +Uptime +++++ +// tag::uptime-jobs[] + +If you have appropriate {heartbeat} data in {es}, you can enable this +{anomaly-job} in the +{uptime-guide}/uptime-overview.html[Elastic Uptime] app in {kib}. For more +details, see the {dfeed} and job definitions in +https://github.com/elastic/kibana/tree/{branch}/x-pack/plugins/ml/server/models/data_recognizer/modules/uptime_heartbeat/ml[GitHub]. + +high_latency_by_geo:: + +* Detects unusually high average latency values (using the +<> on the `monitor.duration.us` field). +* Models the occurrences across geographical locations (`partition_field_name` + is `observer.geo.name`). + +// end::uptime-jobs[] \ No newline at end of file From 022eba277d6e09f65b1f4083b94abd7f3d4c8acb Mon Sep 17 00:00:00 2001 From: lcawl Date: Mon, 30 Mar 2020 10:53:53 -0700 Subject: [PATCH 2/2] [DOCS] Updates list of links --- docs/en/stack/ml/anomaly-detection/ootb-ml-jobs.asciidoc | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs.asciidoc index c7e3efe73..9fea534bd 100644 --- a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs.asciidoc +++ b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs.asciidoc @@ -14,6 +14,7 @@ the {anomaly-jobs} that are ready to use via {kib}. * <> * <> * <> +* <>