[ML] Updates APM Module to Work with Service Maps (#70361)

* updates apm integration job to work with service maps * rename apm job in setup_module test * modifies detector description Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
2020-07-02 11:35:40 -04:00 · 2020-07-02 11:35:40 -04:00 · 8a09f247e3
parent 59ece7992b
commit 8a09f247e3
5 changed files with 45 additions and 40 deletions
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/apm_transaction/manifest.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/apm_transaction/manifest.json
@ -1,29 +1,29 @@
 {
  "id": "apm_transaction",
  "title": "APM",
-  "description": "Detect anomalies in high mean of transaction duration (ECS).",
+  "description": "Detect anomalies in transactions from your APM services.",
  "type": "Transaction data",
  "logoFile": "logo.json",
-  "defaultIndexPattern": "apm-*",
+  "defaultIndexPattern": "apm-*-transaction",
  "query": {
    "bool": {
      "filter": [
        { "term": { "processor.event": "transaction" } },
-        { "term": { "transaction.type": "request" } }
+        { "exists": { "field": "transaction.duration" } }
      ]
    }
  },
  "jobs": [
    {
-      "id": "high_mean_response_time",
-      "file": "high_mean_response_time.json"
+      "id": "high_mean_transaction_duration",
+      "file": "high_mean_transaction_duration.json"
    }
  ],
  "datafeeds": [
    {
-      "id": "datafeed-high_mean_response_time",
-      "file": "datafeed_high_mean_response_time.json",
-      "job_id": "high_mean_response_time"
+      "id": "datafeed-high_mean_transaction_duration",
+      "file": "datafeed_high_mean_transaction_duration.json",
+      "job_id": "high_mean_transaction_duration"
    }
  ]
 }
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/apm_transaction/ml/datafeed_high_mean_transaction_duration.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/apm_transaction/ml/datafeed_high_mean_transaction_duration.json
@ -7,7 +7,7 @@
    "bool": {
      "filter": [
        { "term": { "processor.event": "transaction" } },
-        { "term": { "transaction.type": "request" } }
+        { "exists": { "field": "transaction.duration.us" } }
      ]
    }
  }
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/apm_transaction/ml/high_mean_response_time.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/apm_transaction/ml/high_mean_response_time.json
@ -1,30 +0,0 @@
-{
-  "job_type": "anomaly_detector",
-  "groups": [
-    "apm"
-  ],
-  "description": "Detect anomalies in high mean of transaction duration",
-  "analysis_config": {
-    "bucket_span": "15m",
-    "detectors": [
-      {
-        "detector_description": "high_mean(\"transaction.duration.us\")",
-        "function": "high_mean",
-        "field_name": "transaction.duration.us"
-      }
-    ],
-    "influencers": []
-  },
-  "analysis_limits": {
-    "model_memory_limit": "10mb"
-  },
-  "data_description": {
-    "time_field": "@timestamp"
-  },
-  "model_plot_config": {
-    "enabled": true
-  },
-  "custom_settings": {
-    "created_by": "ml-module-apm-transaction"
-  }
-}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/apm_transaction/ml/high_mean_transaction_duration.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/apm_transaction/ml/high_mean_transaction_duration.json
@ -0,0 +1,35 @@
+{
+  "job_type": "anomaly_detector",
+  "groups": [
+    "apm"
+  ],
+  "description": "Detect transaction duration anomalies across transaction types for your APM services.",
+  "analysis_config": {
+    "bucket_span": "15m",
+    "detectors": [
+      {
+        "detector_description": "high duration by transaction type for an APM service",
+        "function": "high_mean",
+        "field_name": "transaction.duration.us",
+        "by_field_name": "transaction.type",
+        "partition_field_name": "service.name"
+      }
+    ],
+    "influencers": [
+      "transaction.type",
+      "service.name"
+    ]
+  },
+  "analysis_limits": {
+    "model_memory_limit": "32mb"
+  },
+  "data_description": {
+    "time_field": "@timestamp"
+  },
+  "model_plot_config": {
+    "enabled": true
+  },
+  "custom_settings": {
+    "created_by": "ml-module-apm-transaction"
+  }
+}
--- a/x-pack/test/api_integration/apis/ml/modules/setup_module.ts
+++ b/x-pack/test/api_integration/apis/ml/modules/setup_module.ts
@ -218,7 +218,7 @@ export default ({ getService }: FtrProviderContext) => {
        responseCode: 200,
        jobs: [
          {
-            jobId: 'pf5_high_mean_response_time',
+            jobId: 'pf5_high_mean_transaction_duration',
            jobState: JOB_STATE.CLOSED,
            datafeedState: DATAFEED_STATE.STOPPED,
            modelMemoryLimit: '11mb',