[ML] Edit queries in Metricbeat module to use event.dataset field (#35653)

2019-04-29 11:09:16 +01:00 · 2019-04-29 11:09:16 +01:00 · 3577c43d90
parent 7ad35347e9
commit 3577c43d90
7 changed files with 26 additions and 29 deletions
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/manifest.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/manifest.json
@ -7,12 +7,9 @@
  "defaultIndexPattern": "metricbeat-*",
  "query": {
    "bool": {
-      "should": [
-        {"bool": {"filter": {"term": {"metricset.name": "load"}}}},
-        {"bool": {"filter": {"term": {"metricset.name": "cpu"}}}},
-        {"bool": {"filter": {"term": {"metricset.name": "filesystem"}}}}
-        ],
-      "filter": {"term": {"event.module": "system"}}
+      "filter": {
+        "terms" : { "event.dataset" : ["system.cpu", "system.filesystem"]}
+      }
    }
  },
  "jobs": [
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/datafeed_high_mean_cpu_iowait_ecs.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/datafeed_high_mean_cpu_iowait_ecs.json
@ -1,16 +1,16 @@
 {
-    "job_id": "JOB_ID",
-    "indexes": [
-      "INDEX_PATTERN_NAME"
-    ],
-      "query": {
-        "bool": {
-          "filter": [
-            { "term":  { "metricset.name": "cpu" } }
-          ],
-          "must": {
-            "exists": { "field": "system.cpu.iowait.pct" }
-          }
-        }
+  "job_id": "JOB_ID",
+  "indexes": [
+    "INDEX_PATTERN_NAME"
+  ],
+  "query": {
+    "bool": {
+      "filter": {
+        "term":  { "event.dataset": "system.cpu" }
+      },
+      "must": {
+        "exists": { "field": "system.cpu.iowait.pct" }
      }
+    }
  }
+}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/datafeed_max_disk_utilization_ecs.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/datafeed_max_disk_utilization_ecs.json
@ -5,9 +5,9 @@
    ],
    "query": {
      "bool": {
-        "filter": [
-          { "term":  { "metricset.name": "filesystem" } }
-        ],
+        "filter": {
+          "term":  { "event.dataset": "system.filesystem" }
+        },
        "must": {
          "exists": { "field": "system.filesystem.used.pct" }
        }
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/datafeed_metricbeat_outages_ecs.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/datafeed_metricbeat_outages_ecs.json
@ -6,7 +6,7 @@
    "query": {
      "bool": {
        "must": {
-          "exists": { "field": "metricset.name" }
+          "exists": { "field": "event.dataset" }
        }
      }
    }
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/high_mean_cpu_iowait_ecs.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/high_mean_cpu_iowait_ecs.json
@ -41,13 +41,13 @@
      "created_by": "ml-module-metricbeat-system",
      "custom_urls": [
        {
-            "url_name": "[Metricbeat System] Host overview ECS",
+            "url_name": "Host overview",
            "time_range": "3h",
            "url_value": "kibana#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs?_g=(time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(filters:!(),query:(language:kuery,query:\u0027host.name:\u0022$host.name$\u0022\u0027))"
        },
        {
          "url_name": "Raw data",
-          "url_value": "kibana#/discover/?_g=(refreshInterval:(pause:!t,value:0),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(columns:!(_source),index:\u0027INDEX_PATTERN_ID\u0027,interval:auto,query:(language:kuery,query:'metricset.name:\u0022cpu\u0022'),sort:!('@timestamp',desc))"
+          "url_value": "kibana#/discover/?_g=(refreshInterval:(pause:!t,value:0),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(columns:!(_source),index:\u0027INDEX_PATTERN_ID\u0027,interval:auto,query:(language:kuery,query:'event.dataset:\u0022system.cpu\u0022'),sort:!('@timestamp',desc))"
        }
      ]
    }
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/max_disk_utilization_ecs.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/max_disk_utilization_ecs.json
@ -41,13 +41,13 @@
      "created_by": "ml-module-metricbeat-system",
      "custom_urls": [
        {
-          "url_name": "[Metricbeat System] Host overview ECS",
+          "url_name": "Host overview",
          "time_range": "3h",
          "url_value": "kibana#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs?_g=(time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(filters:!(),query:(language:kuery,query:\u0027host.name:\u0022$host.name$\u0022\u0027))"
        },
        {
          "url_name": "Raw data",
-          "url_value": "kibana#/discover/?_g=(refreshInterval:(pause:!t,value:0),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(columns:!(_source),index:\u0027INDEX_PATTERN_ID\u0027,interval:auto,query:(language:kuery,query:'metricset.name:\u0022filesystem\u0022'),sort:!('@timestamp',desc))"
+          "url_value": "kibana#/discover/?_g=(refreshInterval:(pause:!t,value:0),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(columns:!(_source),index:\u0027INDEX_PATTERN_ID\u0027,interval:auto,query:(language:kuery,query:'event.dataset:\u0022system.filesystem\u0022'),sort:!('@timestamp',desc))"
        }
      ]
    }
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/metricbeat_outages_ecs.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/metricbeat_outages_ecs.json
@ -8,11 +8,11 @@
        {
          "detector_description": "low_count",
          "function": "low_count",
-          "partition_field_name": "metricset.name"
+          "partition_field_name": "event.dataset"
        }
      ],
      "influencers": [
-        "metricset.name"
+        "event.dataset"
      ]
    },
    "analysis_limits": {