From 3577c43d905583b2a5f6b7ca29c97a08fb10e7de Mon Sep 17 00:00:00 2001 From: Pete Harverson Date: Mon, 29 Apr 2019 11:09:16 +0100 Subject: [PATCH] [ML] Edit queries in Metricbeat module to use event.dataset field (#35653) --- .../metricbeat_system_ecs/manifest.json | 9 +++---- .../ml/datafeed_high_mean_cpu_iowait_ecs.json | 26 +++++++++---------- .../ml/datafeed_max_disk_utilization_ecs.json | 6 ++--- .../ml/datafeed_metricbeat_outages_ecs.json | 2 +- .../ml/high_mean_cpu_iowait_ecs.json | 4 +-- .../ml/max_disk_utilization_ecs.json | 4 +-- .../ml/metricbeat_outages_ecs.json | 4 +-- 7 files changed, 26 insertions(+), 29 deletions(-) diff --git a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/manifest.json b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/manifest.json index 3fb1799edcc7..79a201a79700 100644 --- a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/manifest.json +++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/manifest.json @@ -7,12 +7,9 @@ "defaultIndexPattern": "metricbeat-*", "query": { "bool": { - "should": [ - {"bool": {"filter": {"term": {"metricset.name": "load"}}}}, - {"bool": {"filter": {"term": {"metricset.name": "cpu"}}}}, - {"bool": {"filter": {"term": {"metricset.name": "filesystem"}}}} - ], - "filter": {"term": {"event.module": "system"}} + "filter": { + "terms" : { "event.dataset" : ["system.cpu", "system.filesystem"]} + } } }, "jobs": [ diff --git a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/datafeed_high_mean_cpu_iowait_ecs.json b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/datafeed_high_mean_cpu_iowait_ecs.json index f7f111780df9..fd164e218ee2 100644 --- a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/datafeed_high_mean_cpu_iowait_ecs.json +++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/datafeed_high_mean_cpu_iowait_ecs.json @@ -1,16 +1,16 @@ { - "job_id": "JOB_ID", - "indexes": [ - "INDEX_PATTERN_NAME" - ], - "query": { - "bool": { - "filter": [ - { "term": { "metricset.name": "cpu" } } - ], - "must": { - "exists": { "field": "system.cpu.iowait.pct" } - } - } + "job_id": "JOB_ID", + "indexes": [ + "INDEX_PATTERN_NAME" + ], + "query": { + "bool": { + "filter": { + "term": { "event.dataset": "system.cpu" } + }, + "must": { + "exists": { "field": "system.cpu.iowait.pct" } } + } } +} diff --git a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/datafeed_max_disk_utilization_ecs.json b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/datafeed_max_disk_utilization_ecs.json index b89ace9a1a7a..0b1a6099d679 100644 --- a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/datafeed_max_disk_utilization_ecs.json +++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/datafeed_max_disk_utilization_ecs.json @@ -5,9 +5,9 @@ ], "query": { "bool": { - "filter": [ - { "term": { "metricset.name": "filesystem" } } - ], + "filter": { + "term": { "event.dataset": "system.filesystem" } + }, "must": { "exists": { "field": "system.filesystem.used.pct" } } diff --git a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/datafeed_metricbeat_outages_ecs.json b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/datafeed_metricbeat_outages_ecs.json index 07c4c8d2fc12..35974310eadb 100644 --- a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/datafeed_metricbeat_outages_ecs.json +++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/datafeed_metricbeat_outages_ecs.json @@ -6,7 +6,7 @@ "query": { "bool": { "must": { - "exists": { "field": "metricset.name" } + "exists": { "field": "event.dataset" } } } } diff --git a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/high_mean_cpu_iowait_ecs.json b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/high_mean_cpu_iowait_ecs.json index b365a9cfc5c2..2025d5d94f75 100644 --- a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/high_mean_cpu_iowait_ecs.json +++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/high_mean_cpu_iowait_ecs.json @@ -41,13 +41,13 @@ "created_by": "ml-module-metricbeat-system", "custom_urls": [ { - "url_name": "[Metricbeat System] Host overview ECS", + "url_name": "Host overview", "time_range": "3h", "url_value": "kibana#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs?_g=(time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(filters:!(),query:(language:kuery,query:\u0027host.name:\u0022$host.name$\u0022\u0027))" }, { "url_name": "Raw data", - "url_value": "kibana#/discover/?_g=(refreshInterval:(pause:!t,value:0),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(columns:!(_source),index:\u0027INDEX_PATTERN_ID\u0027,interval:auto,query:(language:kuery,query:'metricset.name:\u0022cpu\u0022'),sort:!('@timestamp',desc))" + "url_value": "kibana#/discover/?_g=(refreshInterval:(pause:!t,value:0),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(columns:!(_source),index:\u0027INDEX_PATTERN_ID\u0027,interval:auto,query:(language:kuery,query:'event.dataset:\u0022system.cpu\u0022'),sort:!('@timestamp',desc))" } ] } diff --git a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/max_disk_utilization_ecs.json b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/max_disk_utilization_ecs.json index 3d971e6f876f..5267245750e9 100644 --- a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/max_disk_utilization_ecs.json +++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/max_disk_utilization_ecs.json @@ -41,13 +41,13 @@ "created_by": "ml-module-metricbeat-system", "custom_urls": [ { - "url_name": "[Metricbeat System] Host overview ECS", + "url_name": "Host overview", "time_range": "3h", "url_value": "kibana#/dashboard/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs?_g=(time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(filters:!(),query:(language:kuery,query:\u0027host.name:\u0022$host.name$\u0022\u0027))" }, { "url_name": "Raw data", - "url_value": "kibana#/discover/?_g=(refreshInterval:(pause:!t,value:0),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(columns:!(_source),index:\u0027INDEX_PATTERN_ID\u0027,interval:auto,query:(language:kuery,query:'metricset.name:\u0022filesystem\u0022'),sort:!('@timestamp',desc))" + "url_value": "kibana#/discover/?_g=(refreshInterval:(pause:!t,value:0),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(columns:!(_source),index:\u0027INDEX_PATTERN_ID\u0027,interval:auto,query:(language:kuery,query:'event.dataset:\u0022system.filesystem\u0022'),sort:!('@timestamp',desc))" } ] } diff --git a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/metricbeat_outages_ecs.json b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/metricbeat_outages_ecs.json index 223d3b3f2a33..ba6179d31064 100644 --- a/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/metricbeat_outages_ecs.json +++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/metricbeat_system_ecs/ml/metricbeat_outages_ecs.json @@ -8,11 +8,11 @@ { "detector_description": "low_count", "function": "low_count", - "partition_field_name": "metricset.name" + "partition_field_name": "event.dataset" } ], "influencers": [ - "metricset.name" + "event.dataset" ] }, "analysis_limits": {