From b051676791a1ff22ba00e235d985bc445f6e40b0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Istv=C3=A1n=20Zolt=C3=A1n=20Szab=C3=B3?=
Date: Fri, 18 Sep 2020 11:49:44 +0200
Subject: [PATCH 1/6] [DOCS] Adds Metrics AD configurations to OOTB jobs.
---
.../stack/ml/anomaly-detection/index.asciidoc | 2 +
.../ootb-ml-jobs-metrics-ui.asciidoc | 60 +++++++++++++++++++
.../anomaly-detection/ootb-ml-jobs.asciidoc | 1 +
3 files changed, 63 insertions(+)
create mode 100644 docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc
diff --git a/docs/en/stack/ml/anomaly-detection/index.asciidoc b/docs/en/stack/ml/anomaly-detection/index.asciidoc
index 76c99592f..a4289292c 100644
--- a/docs/en/stack/ml/anomaly-detection/index.asciidoc
+++ b/docs/en/stack/ml/anomaly-detection/index.asciidoc
@@ -42,6 +42,8 @@ include::ootb-ml-jobs-logs-ui.asciidoc[leveloffset=+2] include::ootb-ml-jobs-metricbeat.asciidoc[leveloffset=+2] +include::ootb-ml-jobs-metrics-ui.asccidoc[leveloffset=+2] + include::ootb-ml-jobs-nginx.asciidoc[leveloffset=+2] include::ootb-ml-jobs-siem.asciidoc[leveloffset=+2]
diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc
new file mode 100644
index 000000000..877a02ca5
--- /dev/null
+++ b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc
@@ -0,0 +1,60 @@
+[role="xpack"]
+[[ootb-ml-jobs-metrics-ui]]
+= Metrics {anomaly-detect} configurations
+++++
+Metrics
+++++
+
+// tag::metrics-jobs[]
+These {anomaly-jobs} can be created in the
+{kibana-ref}/xpack-infra.html[Metrics app] in {kib}.
+
+
+The jobs below detect anomalous memory and network behavior on hosts and
+Kubernetes pods. For more details, see the {dfeed} and job definitions in the
+`metrics_ui_*` folders in https://github.com/elastic/kibana/tree/{branch}/x-pack/plugins/ml/server/models/data_recognizer/modules[GitHub].
+
+
+hosts_memory_usage::
+
+* For memory usage via the Metrics UI.
+* Models system memory usage.
+* Detects unusual increases in memory usage across hosts.
+
+
+hosts_network_in::
+
+* For network traffic via the Metrics UI.
+* Models inbound network traffic.
+* Detects unusually high inbound traffic across hosts.
+
+
+hosts_network_out::
+
+* For network traffic via the Metrics UI.
+* Models outbound network traffic.
+* Detects unusually high outbound traffic across hosts.
+
+
+k8s_memory_usage::
+
+* For memory usage via the Metrics UI.
+* Models system memory usage.
+* Detects unusual increases in memory usage across Kubernetes pods.
+
+
+k8s_network_in::
+
+* For network traffic via the Metrics UI.
+* Models inbound network traffic.
+* Detects unusually high inbound traffic across Kubernetes pods.
+
+
+k8s_network_out::
+
+* For network traffic via the Metrics UI.
+* Models outbound network traffic.
+* Detects unusually high outbound traffic across Kubernetes pods.
+
+
+// end::metrics-jobs[]
\ No newline at end of file
diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs.asciidoc
index 905df41cf..41d57826b 100644
--- a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs.asciidoc
+++ b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs.asciidoc
@@ -15,6 +15,7 @@ the {anomaly-jobs} that are ready to use via {kib}. * <> * <> * <> +* <> * <> * <> * <>
From e00d93582be7703401fe3b4bfe32a17691207424 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Istv=C3=A1n=20Zolt=C3=A1n=20Szab=C3=B3?=
Date: Fri, 18 Sep 2020 15:35:47 +0200
Subject: [PATCH 2/6] [DOCS] Adds description of partition field.
---
.../ootb-ml-jobs-metrics-ui.asciidoc | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc
index 877a02ca5..104e734ce 100644
--- a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc
+++ b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc
@@ -7,8 +7,16 @@ // tag::metrics-jobs[] These {anomaly-jobs} can be created in the -{kibana-ref}/xpack-infra.html[Metrics app] in {kib}. - +{kibana-ref}/xpack-infra.html[Metrics app] in {kib}. When you create one of +these jobs, you need to select a field that splits the data to establish +separate baselines for the job. This is called a partion field. Each value of +the partition field is modeled individually which enables more independent +anomaly scoring. + +When you select partition field for a job, take into account field cardinality; +the number of different values that the field contains. If the partition field +has more than 1000 distinct values per job, you are advised that there might be +high memory usage. The jobs below detect anomalous memory and network behavior on hosts and Kubernetes pods. For more details, see the {dfeed} and job definitions in the
From b4ecf26aaa94da90de11c05c680bda3c758aeae5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Istv=C3=A1n=20Zolt=C3=A1n=20Szab=C3=B3?=
Date: Fri, 18 Sep 2020 17:06:13 +0200
Subject: [PATCH 3/6] [DOCS] Fixes index.asciidoc.
---
docs/en/stack/ml/anomaly-detection/index.asciidoc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/docs/en/stack/ml/anomaly-detection/index.asciidoc b/docs/en/stack/ml/anomaly-detection/index.asciidoc
index a4289292c..09241c4e6 100644
--- a/docs/en/stack/ml/anomaly-detection/index.asciidoc
+++ b/docs/en/stack/ml/anomaly-detection/index.asciidoc
@@ -42,7 +42,7 @@ include::ootb-ml-jobs-logs-ui.asciidoc[leveloffset=+2] include::ootb-ml-jobs-metricbeat.asciidoc[leveloffset=+2] -include::ootb-ml-jobs-metrics-ui.asccidoc[leveloffset=+2] +include::ootb-ml-jobs-metrics-ui.asciidoc[leveloffset=+2] include::ootb-ml-jobs-nginx.asciidoc[leveloffset=+2]
From db308b0d420b2b1595f4c34542dd8a7a37ebf651 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Istv=C3=A1n=20Zolt=C3=A1n=20Szab=C3=B3?=
Date: Mon, 21 Sep 2020 11:06:09 +0200
Subject: [PATCH 4/6] Update docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc
Co-authored-by: Lisa Cawley
---
.../ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc
index 104e734ce..41f20b635 100644
--- a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc
+++ b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc
@@ -46,7 +46,7 @@ hosts_network_out:: k8s_memory_usage:: -* For memory usage via the Metrics UI. +* For memory usage data about Kubernetes pods in the {metrics-app}. * Models system memory usage. * Detects unusual increases in memory usage across Kubernetes pods.
@@ -65,4 +65,4 @@ k8s_network_out:: * Detects unusually high outbound traffic across Kubernetes pods. -// end::metrics-jobs[] \ No newline at end of file +// end::metrics-jobs[]
From 81f92a97f83d73ff3379aec569b6bfe6f181eb3f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Istv=C3=A1n=20Zolt=C3=A1n=20Szab=C3=B3?=
Date: Mon, 21 Sep 2020 11:35:49 +0200
Subject: [PATCH 5/6] [DOCS] Addresses feedback.
---
.../anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc
index 41f20b635..ea0fc2822 100644
--- a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc
+++ b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc
@@ -25,21 +25,21 @@ Kubernetes pods. For more details, see the {dfeed} and job definitions in the hosts_memory_usage:: -* For memory usage via the Metrics UI. +* For memory usage data about hosts in the {metrics-app}. * Models system memory usage. * Detects unusual increases in memory usage across hosts. hosts_network_in:: -* For network traffic via the Metrics UI. +* For network traffic across hosts in the {metrics-app}. * Models inbound network traffic. * Detects unusually high inbound traffic across hosts. hosts_network_out:: -* For network traffic via the Metrics UI. +* For network traffic across hosts in the {metrics-app}. * Models outbound network traffic. * Detects unusually high outbound traffic across hosts.
@@ -53,14 +53,14 @@ k8s_memory_usage:: k8s_network_in:: -* For network traffic via the Metrics UI. +* For network traffic accross Kubernetes pods in the {metrics-app}. * Models inbound network traffic. * Detects unusually high inbound traffic across Kubernetes pods. k8s_network_out:: -* For network traffic via the Metrics UI. +* For network traffic across Kubernetes pods in the {metrics-app}. * Models outbound network traffic. * Detects unusually high outbound traffic across Kubernetes pods.
From b52638171812757a68123b99b35fe19a2bf748a8 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Istv=C3=A1n=20Zolt=C3=A1n=20Szab=C3=B3?=
Date: Tue, 6 Oct 2020 11:33:07 +0200
Subject: [PATCH 6/6] [DOCS] Changes link and removes configuration info.
---
.../ootb-ml-jobs-metrics-ui.asciidoc | 14 +++-----------
1 file changed, 3 insertions(+), 11 deletions(-)
diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc
index ea0fc2822..3b4fbc63e 100644
--- a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc
+++ b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-metrics-ui.asciidoc
@@ -7,20 +7,12 @@ // tag::metrics-jobs[] These {anomaly-jobs} can be created in the -{kibana-ref}/xpack-infra.html[Metrics app] in {kib}. When you create one of -these jobs, you need to select a field that splits the data to establish -separate baselines for the job. This is called a partion field. Each value of -the partition field is modeled individually which enables more independent -anomaly scoring. - -When you select partition field for a job, take into account field cardinality; -the number of different values that the field contains. If the partition field -has more than 1000 distinct values per job, you are advised that there might be -high memory usage. +{observability-guide}/analyze-metrics.html[Metrics app] in {kib}. The jobs below detect anomalous memory and network behavior on hosts and Kubernetes pods. For more details, see the {dfeed} and job definitions in the -`metrics_ui_*` folders in https://github.com/elastic/kibana/tree/{branch}/x-pack/plugins/ml/server/models/data_recognizer/modules[GitHub]. +`metrics_ui_*` folders in +https://github.com/elastic/kibana/tree/{branch}/x-pack/plugins/ml/server/models/data_recognizer/modules[GitHub]. hosts_memory_usage::