75 lines
2.8 KiB
Plaintext
75 lines
2.8 KiB
Plaintext
[role="xpack"]
|
|
[[xpack-ml]]
|
|
= Machine Learning
|
|
|
|
[partintro]
|
|
--
|
|
|
|
As datasets increase in size and complexity, the human effort required to
|
|
inspect dashboards or maintain rules for spotting infrastructure problems,
|
|
cyber attacks, or business issues becomes impractical. The Elastic {ml-features}
|
|
automatically model the normal behavior of your time series data — learning
|
|
trends, periodicity, and more — in real time to identify anomalies, streamline
|
|
root cause analysis, and reduce false positives.
|
|
|
|
The {ml-features} run in and scale with {es}, and include an
|
|
intuitive UI on the {kib} *Machine Learning* page for creating anomaly detection
|
|
jobs and understanding results.
|
|
|
|
If you have a basic license, you can use the *Data Visualizer* to learn more
|
|
about the data that you've stored in {es} and to identify possible fields for
|
|
{ml} analysis:
|
|
|
|
[role="screenshot"]
|
|
image::ml/images/ml-data-visualizer-sample.jpg[Data Visualizer for sample flight data]
|
|
|
|
experimental[] You can also upload a CSV, NDJSON, or log file (up to 100 MB in size).
|
|
The {ml-features} identify the file format and field mappings. You can then
|
|
optionally import that data into an {es} index.
|
|
|
|
If you have a trial or platinum license, you can <<ml-jobs,create {ml} jobs>>
|
|
and manage jobs and {dfeeds} from the *Job Management* pane:
|
|
|
|
[role="screenshot"]
|
|
image::ml/images/ml-job-management.jpg[Job Management]
|
|
|
|
You can use the *Settings* pane to create and edit
|
|
{stack-ov}/ml-calendars.html[calendars] and the filters that are used in
|
|
{stack-ov}/ml-rules.html[custom rules]:
|
|
|
|
[role="screenshot"]
|
|
image::ml/images/ml-settings.jpg[Calendar Management]
|
|
|
|
The *Anomaly Explorer* and *Single Metric Viewer* display the results of your
|
|
{ml} jobs. For example:
|
|
|
|
[role="screenshot"]
|
|
image::ml/images/ml-single-metric-viewer.jpg[Single Metric Viewer]
|
|
|
|
You can optionally add annotations by drag-selecting a period of time in
|
|
the *Single Metric Viewer* and adding a description. For example, you can add an
|
|
explanation for anomalies in that time period or provide notes about what is
|
|
occurring in your operational environment at that time:
|
|
|
|
[role="screenshot"]
|
|
image::ml/images/ml-annotations-list.jpg[Single Metric Viewer with annotations]
|
|
|
|
In some circumstances, annotations are also added automatically. For example, if
|
|
the {ml} analytics detect that there is missing data, it annotates the affected
|
|
time period. For more information, see
|
|
{stack-ov}/ml-delayed-data-detection.html[Handling delayed data].
|
|
The *Job Management* pane shows the full list of annotations for each job.
|
|
|
|
NOTE: The {kib} {ml-features} use pop-ups. You must configure your
|
|
web browser so that it does not block pop-up windows or create an exception for
|
|
your {kib} URL.
|
|
|
|
For more information about {ml}, see
|
|
{stack-ov}/xpack-ml.html[Machine learning in the {stack}].
|
|
|
|
--
|
|
|
|
include::creating-jobs.asciidoc[]
|
|
include::job-tips.asciidoc[]
|
|
|