From dbb7f457fb30e2c94a82560050568bc5b0ceeb1f Mon Sep 17 00:00:00 2001 From: lcawl Date: Tue, 1 Jun 2021 17:28:20 -0700 Subject: [PATCH 1/7] [DOCS] Indicate Apache and Nginx ML modules are legacy versions --- .../ml/anomaly-detection/ootb-ml-jobs-apache.asciidoc | 7 +++++-- .../ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc | 10 ++++++---- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-apache.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-apache.asciidoc index 6922c1d02..6e9840967 100644 --- a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-apache.asciidoc +++ b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-apache.asciidoc @@ -5,10 +5,13 @@ Apache ++++ // tag::apache-jobs[] -These {anomaly-job} wizards appear in {kib} if you use +These legacy {anomaly-job} wizards appear in {kib} if you use {filebeat-ref}/index.html[{filebeat}] to ship access logs from your https://httpd.apache.org/[Apache] HTTP servers to {es} and store it using fields -and data types from the Elastic Common Schema (ECS). For more details, see the +and data types from the Elastic Common Schema (ECS). The latest versions are +installed with the Apache integration in {Fleet}. + +For more details, see the {dfeed} and job definitions in https://github.com/elastic/kibana/tree/{branch}/x-pack/plugins/ml/server/models/data_recognizer/modules/apache_ecs/ml[GitHub]. diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc index 92ac78717..c9ca3b025 100644 --- a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc +++ b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc 
@@ -6,10 +6,12 @@ ++++ // tag::nginx-jobs[] -These {anomaly-job} wizards appear in {kib} if you use {filebeat} to ship access -logs from your http://nginx.org/[Nginx] HTTP servers to {es} and store it using -fields and datatypes from the Elastic Common Schema (ECS). For more details, see -the {dfeed} and job definitions in +These legacy {anomaly-job} wizards appear in {kib} if you use {filebeat} to ship +access logs from your http://nginx.org/[Nginx] HTTP servers to {es} and store it +using fields and datatypes from the Elastic Common Schema (ECS). The latest +versions are installed with the Nginx integration in {fleet}. + +For more details, see the {dfeed} and job definitions in https://github.com/elastic/kibana/tree/{branch}/x-pack/plugins/ml/server/models/data_recognizer/modules/nginx_ecs/ml[GitHub]. These configurations are only available if data exists that matches the From 5b869a709ce4e0a2a35e9d01817e967747c21f34 Mon Sep 17 00:00:00 2001 From: lcawl Date: Thu, 3 Jun 2021 14:20:59 -0700 Subject: [PATCH 2/7] [DOCS] Add apache job details --- .../ootb-ml-jobs-apache.asciidoc | 121 ++++++++++++++++-- .../ootb-ml-jobs-nginx.asciidoc | 10 +- 2 files changed, 117 insertions(+), 14 deletions(-) diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-apache.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-apache.asciidoc index 6e9840967..ac87efc26 100644 --- a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-apache.asciidoc +++ b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-apache.asciidoc 
@@ -5,14 +5,88 @@ Apache ++++ // tag::apache-jobs[] -These legacy {anomaly-job} wizards appear in {kib} if you use -{filebeat-ref}/index.html[{filebeat}] to ship access logs from your -https://httpd.apache.org/[Apache] HTTP servers to {es} and store it using fields -and data types from the Elastic Common Schema (ECS). The latest versions are -installed with the Apache integration in {Fleet}. - -For more details, see the -{dfeed} and job definitions in +These {anomaly-job} wizards appear in {kib} if you use either {filebeat} or the +Apache integration in {fleet} to ship access logs from your +https://httpd.apache.org/[Apache] HTTP servers to {es}. The jobs assume that you use fields +and data types from the Elastic Common Schema (ECS). + +[[apache-access-logs]] +== Apache access logs + +These {anomaly-jobs} find unusual activity in HTTP access logs. + +For more details, see the {dfeed} and job definitions in +https://github.com/elastic/integrations/blob/{branch}/packages/apache/kibana/ml_module/apache-Logs-ml.json[GitHub]. +Note that these jobs are available in {kib} only if data exists that matches the +{dfeed} query. + +low_request_rate_apache:: +Detects low request rates. + +Job details::: + +* Analyzes request rates (using the <>). + +Required {beats} or {agent} integrations::: + +* Apache integration + +source_ip_request_rate_apache:: +Detects unusual source IPs. + +Job details::: + +* Analyzes request rates (using the <>) +relative to all the source IPs (`over_field_name` is `source.address`). + +Required {beats} or {agent} integrations::: + +* Apache integration + +source_ip_url_count_apache:: +Detects unusual source IPs. + +Job details::: + +* Analyzes distinct counts of URLs (using the +<> on the `url.original` +field) relative to all the source IPs (`over_field_name` is `source.address`). + +Required {beats} or {agent} integrations::: + +* Apache integration + +status_code_rate_apache:: +Detects unusual status code rates. 
+ +Job details::: + +* Analyzes request rates (using the <>) split by +status code (`partition_field_name` is `http.response.status_code`). + +Required {beats} or {agent} integrations::: + +* Apache integration + +visitor_rate_apache:: +Detects unusual visitor rates. + +Job details::: + +* Analyzes request rates using the <>. + +Required {beats} or {agent} integrations::: + +* Apache integration + +[[apache-access-logs-filebeat]] +== Apache access logs ({filebeat}) + +These legacy {anomaly-jobs} find unusual activity in HTTP access logs. For the +latest versions, install the Apache integration in {fleet}; see +<>. + +For more details, see the {dfeed} and job definitions in https://github.com/elastic/kibana/tree/{branch}/x-pack/plugins/ml/server/models/data_recognizer/modules/apache_ecs/ml[GitHub]. These configurations are only available if data exists that matches the 
@@ -21,36 +95,67 @@ https://github.com/elastic/kibana/blob/{branch}/x-pack/plugins/ml/server/models/ low_request_rate_ecs:: +Job details::: + * For HTTP web access logs where `event.dataset` is `apache.access`. * Models the event rate of HTTP requests. * Detects unusually low counts of HTTP requests compared to the previous event rate. +Required {beats} or {agent} integrations::: + +* {filebeat} + source_ip_request_rate_ecs:: +Job details::: + * For HTTP web access logs where `event.dataset` is `apache.access`. * Models the event rate of HTTP requests by source IP. * Detects source IPs with unusually high request rates in the HTTP access log compared to the previous rate. + +Required {beats} or {agent} integrations::: + +* {filebeat} source_ip_url_count_ecs:: +Job details::: + * For HTTP web access logs where `event.dataset` is `apache.access`. * Models the event rate of HTTP requests by source IP. * Detects source IPs with unusually high distinct count of URLs in the HTTP access log. +Required {beats} or {agent} integrations::: + +* {filebeat} + status_code_rate_ecs:: +Job details::: + * For HTTP web access logs where `event.dataset` is `apache.access`. * Models the occurrences of HTTP response status codes. * Detects unusual status code rates in the HTTP access log compared to previous rates. +Required {beats} or {agent} integrations::: + +* {filebeat} + visitor_rate_ecs:: +Job details::: + * For HTTP web access logs where `event.dataset` is `apache.access`. * Models visitor rates. * Detects unusual visitor rates in the HTTP access log compared to previous rates. + +Required {beats} or {agent} integrations::: + +* {filebeat} + // end::apache-jobs[] \ No newline at end of file diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc index c9ca3b025..92ac78717 100644 --- a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc 
+++ b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc @@ -6,12 +6,10 @@ ++++ // tag::nginx-jobs[] -These legacy {anomaly-job} wizards appear in {kib} if you use {filebeat} to ship -access logs from your http://nginx.org/[Nginx] HTTP servers to {es} and store it -using fields and datatypes from the Elastic Common Schema (ECS). The latest -versions are installed with the Nginx integration in {fleet}. - -For more details, see the {dfeed} and job definitions in +These {anomaly-job} wizards appear in {kib} if you use {filebeat} to ship access +logs from your http://nginx.org/[Nginx] HTTP servers to {es} and store it using +fields and datatypes from the Elastic Common Schema (ECS). For more details, see +the {dfeed} and job definitions in https://github.com/elastic/kibana/tree/{branch}/x-pack/plugins/ml/server/models/data_recognizer/modules/nginx_ecs/ml[GitHub]. These configurations are only available if data exists that matches the From 72184afe952bb4c125bc0f063ddafb31ae81b4a9 Mon Sep 17 00:00:00 2001 From: lcawl Date: Thu, 3 Jun 2021 14:49:26 -0700 Subject: [PATCH 3/7] [DOCS] Adds new nginx ML modules --- .../ootb-ml-jobs-nginx.asciidoc | 119 +++++++++++++++++- 1 file changed, 115 insertions(+), 4 deletions(-) diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc index 92ac78717..804ac3867 100644 --- a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc +++ b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc 
@@ -6,10 +6,96 @@ ++++ // tag::nginx-jobs[] -These {anomaly-job} wizards appear in {kib} if you use {filebeat} to ship access -logs from your http://nginx.org/[Nginx] HTTP servers to {es} and store it using -fields and datatypes from the Elastic Common Schema (ECS). For more details, see -the {dfeed} and job definitions in + +These {anomaly-job} wizards appear in {kib} if you use either {filebeat} or the +Nginx integration in {fleet} to ship access logs from your +http://nginx.org/[Nginx] HTTP servers to {es}. The jobs assume that you use +fields and data types from the Elastic Common Schema (ECS). + +[[nginx-access-logs]] +== Nginx access logs + +These {anomaly-jobs} find unusual activity in HTTP access logs. + +For more details, see the {dfeed} and job definitions in +https://github.com/elastic/integrations/blob/{branch}/packages/nginx/kibana/ml_module/nginx-Logs-ml.json[GitHub]. +Note that these jobs are available in {kib} only if data exists that matches the +{dfeed} query. + +Job details::: + +Required {beats} or {agent} integrations::: + +* Nginx integration + +low_request_rate_nginx:: +Detects low request rates. + +Job details::: + +* Analyzes request rates (using the <>). + +Required {beats} or {agent} integrations::: + +* Nginx integration + +source_ip_request_rate_nginx:: +Detects unusual source IPs. + +Job details::: + +* Analyzes request rates (using the <>) +relative to all the source IPs (`over_field_name` is `source.address`). + +Required {beats} or {agent} integrations::: + +* Nginx integration + +source_ip_url_count_nginx:: +Detects unusual source IPs. + +Job details::: + +* Analyzes distinct counts of URLs (using the +<> on the `url.original` +field) relative to all the source IPs (`over_field_name` is `source.address`). + +Required {beats} or {agent} integrations::: + +* Nginx integration + +status_code_rate_nginx:: +Detects unusual status code rates. 
+ +Job details::: + +* Analyzes request rates (using the <>) split by +status code (`partition_field_name` is `http.response.status_code`). + + +Required {beats} or {agent} integrations::: + +* Nginx integration + +visitor_rate_nginx:: +Detects unusual visitor rates. + +Job details::: + +* Analyzes request rates using the <>. + +Required {beats} or {agent} integrations::: + +* Nginx integration + +[[nginx-access-logs-filebeat]] +== Nginx access logs ({filebeat}) + +These legacy {anomly-jobs} find unusual activity in HTTP access logs. For the +latest versions, install the Nginx integration in {fleet}; see +<>. + +For more details, see the {dfeed} and job definitions in https://github.com/elastic/kibana/tree/{branch}/x-pack/plugins/ml/server/models/data_recognizer/modules/nginx_ecs/ml[GitHub]. These configurations are only available if data exists that matches the 
@@ -19,37 +105,62 @@ https://github.com/elastic/kibana/blob/{branch}/x-pack/plugins/ml/server/models/ low_request_rate_ecs:: +Job details::: * For HTTP web access logs where `event.dataset` is `nginx.access`. * Models the event rate of http requests. * Detects unusually low counts of HTTP requests compared to the previous event rate. + +Required {beats} or {agent} integrations::: + +* {filebeat} source_ip_request_rate_ecs:: +Job details::: * For HTTP web access logs where `event.dataset` is `nginx.access`. * Models the event rate of HTTP requests by source IP. * Detects source IPs with unusually high request rates in the HTTP access log compared to the previous rate. +Required {beats} or {agent} integrations::: + +* {filebeat} + source_ip_url_count_ecs:: +Job details::: * For HTTP web access logs where `event.dataset` is `nginx.access`. * Models the event rate of HTTP requests by source IP. * Detects source IPs with unusually high distinct count of URLs in the HTTP access log. + +Required {beats} or {agent} integrations::: + +* {filebeat} status_code_rate_ecs:: +Job details::: * For HTTP web access logs where `event.dataset` is `nginx.access`. * Models the occurrences of HTTP response status codes. * Detects unusual status code rates in the HTTP access log compared to previous rates. +Required {beats} or {agent} integrations::: + +* {filebeat} + visitor_rate_ecs:: +Job details::: * For HTTP web access logs where `event.dataset` is `nginx.access`. * Models visitor rates. * Detects unusual visitor rates in the HTTP access log compared to previous rates. + +Required {beats} or {agent} integrations::: + +* {filebeat} // end::nginx-jobs[] \ No newline at end of file From 0fb7063ba2e837c7ce97f9258c52c0ad613d1e2d Mon Sep 17 00:00:00 2001 
From: Lisa Cawley Date: Fri, 4 Jun 2021 08:18:35 -0700 Subject: [PATCH 4/7] Update docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: István Zoltán Szabó --- docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc index 804ac3867..fd1dc4fd3 100644 --- a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc +++ b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc @@ -72,7 +72,6 @@ Job details::: * Analyzes request rates (using the <>) split by status code (`partition_field_name` is `http.response.status_code`). - Required {beats} or {agent} integrations::: * Nginx integration @@ -163,4 +162,4 @@ Required {beats} or {agent} integrations::: * {filebeat} -// end::nginx-jobs[] \ No newline at end of file +// end::nginx-jobs[] From e64ca4b59cfdf14a41263ef0e69ac1aa990e7fc5 Mon Sep 17 00:00:00 2001 From: Lisa Cawley Date: Fri, 4 Jun 2021 08:30:52 -0700 Subject: [PATCH 5/7] Update docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: István Zoltán Szabó --- .../stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc | 6 ------ 1 file changed, 6 deletions(-) diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc index fd1dc4fd3..0a6fc2f67 100644 --- a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc +++ b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc 
@@ -22,12 +22,6 @@ https://github.com/elastic/integrations/blob/{branch}/packages/nginx/kibana/ml_m Note that these jobs are available in {kib} only if data exists that matches the {dfeed} query. -Job details::: - -Required {beats} or {agent} integrations::: - -* Nginx integration - low_request_rate_nginx:: Detects low request rates. From cef48023d5c97caf1c44fbe64700d4d2378b4b50 Mon Sep 17 00:00:00 2001 From: lcawl Date: Mon, 7 Jun 2021 09:10:38 -0700 Subject: [PATCH 6/7] [DOCS] Simplifies Filebeat module details --- .../ootb-ml-jobs-apache.asciidoc | 43 ++++++++----------- .../ootb-ml-jobs-nginx.asciidoc | 39 ++++++++--------- 2 files changed, 38 insertions(+), 44 deletions(-) diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-apache.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-apache.asciidoc index ac87efc26..938962aec 100644 --- a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-apache.asciidoc +++ b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-apache.asciidoc @@ -5,10 +5,10 @@ Apache ++++ // tag::apache-jobs[] -These {anomaly-job} wizards appear in {kib} if you use either {filebeat} or the -Apache integration in {fleet} to ship access logs from your -https://httpd.apache.org/[Apache] HTTP servers to {es}. The jobs assume that you use fields -and data types from the Elastic Common Schema (ECS). +These {anomaly-job} wizards appear in {kib} if you use the Apache integration in +{fleet} or you use {filebeat} to ship access logs from your +https://httpd.apache.org/[Apache] HTTP servers to {es}. The jobs assume that you +use fields and data types from the Elastic Common Schema (ECS). [[apache-access-logs]] == Apache access logs 
@@ -94,39 +94,36 @@ recognizer query specified in the https://github.com/elastic/kibana/blob/{branch}/x-pack/plugins/ml/server/models/data_recognizer/modules/apache_ecs/manifest.json#L8[manifest file]. low_request_rate_ecs:: +Detects low request rates. Job details::: -* For HTTP web access logs where `event.dataset` is `apache.access`. -* Models the event rate of HTTP requests. -* Detects unusually low counts of HTTP requests compared to the previous event - rate. +* Analyzes request rates (using the <>). Required {beats} or {agent} integrations::: * {filebeat} source_ip_request_rate_ecs:: +Detects unusual source IPs. Job details::: -* For HTTP web access logs where `event.dataset` is `apache.access`. -* Models the event rate of HTTP requests by source IP. -* Detects source IPs with unusually high request rates in the HTTP access log - compared to the previous rate. +* Analyzes request rates (using the <>) +relative to all the source IPs (`over_field_name` is `source.address`). Required {beats} or {agent} integrations::: * {filebeat} source_ip_url_count_ecs:: +Detects unusal source IPs. Job details::: -* For HTTP web access logs where `event.dataset` is `apache.access`. -* Models the event rate of HTTP requests by source IP. -* Detects source IPs with unusually high distinct count of URLs in the HTTP -access log. +* Analyzes distinct counts of URLs (using the +<> on the `url.original` +field) relative to all the source IPs (`over_field_name` is `source.address`). Required {beats} or {agent} integrations::: 
@@ -134,25 +131,23 @@ Required {beats} or {agent} integrations::: status_code_rate_ecs:: +Detects unusual status code rates. + Job details::: -* For HTTP web access logs where `event.dataset` is `apache.access`. -* Models the occurrences of HTTP response status codes. -* Detects unusual status code rates in the HTTP access log compared to previous - rates. +* Analyzes request rates (using the <>) split by +status code (`partition_field_name` is `http.response.status_code`). Required {beats} or {agent} integrations::: * {filebeat} visitor_rate_ecs:: +Detects unusual visitor rates. Job details::: -* For HTTP web access logs where `event.dataset` is `apache.access`. -* Models visitor rates. -* Detects unusual visitor rates in the HTTP access log compared to previous - rates. +* Analyzes request rates using the <>. Required {beats} or {agent} integrations::: diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc index 0a6fc2f67..c706c2ac9 100644 --- a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc +++ b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc 
@@ -97,60 +97,59 @@ https://github.com/elastic/kibana/blob/{branch}/x-pack/plugins/ml/server/models/ low_request_rate_ecs:: +Detects low request rates. Job details::: -* For HTTP web access logs where `event.dataset` is `nginx.access`. -* Models the event rate of http requests. -* Detects unusually low counts of HTTP requests compared to the previous event - rate. + +* Analyzes request rates (using the <>). Required {beats} or {agent} integrations::: * {filebeat} source_ip_request_rate_ecs:: +Detects unusual source IPs. Job details::: -* For HTTP web access logs where `event.dataset` is `nginx.access`. -* Models the event rate of HTTP requests by source IP. -* Detects source IPs with unusually high request rates in the HTTP access log - compared to the previous rate. + +* Analyzes request rates (using the <>) +relative to all the source IPs (`over_field_name` is `source.address`). Required {beats} or {agent} integrations::: * {filebeat} source_ip_url_count_ecs:: +Detects unusual source IPs. Job details::: -* For HTTP web access logs where `event.dataset` is `nginx.access`. -* Models the event rate of HTTP requests by source IP. -* Detects source IPs with unusually high distinct count of URLs in the HTTP - access log. + +* Analyzes distinct counts of URLs (using the +<> on the `url.original` +field) relative to all the source IPs (`over_field_name` is `source.address`). Required {beats} or {agent} integrations::: * {filebeat} status_code_rate_ecs:: +Detects unusual status code rates. Job details::: -* For HTTP web access logs where `event.dataset` is `nginx.access`. -* Models the occurrences of HTTP response status codes. -* Detects unusual status code rates in the HTTP access log compared to previous - rates. + +* Analyzes request rates (using the <>) split by +status code (`partition_field_name` is `http.response.status_code`). Required {beats} or {agent} integrations::: * {filebeat} visitor_rate_ecs:: +Detects unusual visitor rates. 
Job details::: -* For HTTP web access logs where `event.dataset` is `nginx.access`. -* Models visitor rates. -* Detects unusual visitor rates in the HTTP access log compared to previous - rates. + +* Analyzes request rates using the <>. Required {beats} or {agent} integrations::: From cffcbf2ceb0cc0baff4e7c475e844e3c54c7bdd3 Mon Sep 17 00:00:00 2001 From: lcawl Date: Tue, 8 Jun 2021 09:47:40 -0700 Subject: [PATCH 7/7] [DOCS] Fixes typo --- .../stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc index c706c2ac9..e9e1c60fc 100644 --- a/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc +++ b/docs/en/stack/ml/anomaly-detection/ootb-ml-jobs-nginx.asciidoc @@ -7,8 +7,8 @@ // tag::nginx-jobs[] -These {anomaly-job} wizards appear in {kib} if you use either {filebeat} or the -Nginx integration in {fleet} to ship access logs from your +These {anomaly-job} wizards appear in {kib} if you use the Nginx integration in +{fleet} or you use {filebeat} to ship access logs from your http://nginx.org/[Nginx] HTTP servers to {es}. The jobs assume that you use fields and data types from the Elastic Common Schema (ECS). @@ -84,7 +84,7 @@ Required {beats} or {agent} integrations::: [[nginx-access-logs-filebeat]] == Nginx access logs ({filebeat}) -These legacy {anomly-jobs} find unusual activity in HTTP access logs. For the +These legacy {anomaly-jobs} find unusual activity in HTTP access logs. For the latest versions, install the Nginx integration in {fleet}; see <>.
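Review bot: In PATCH 1/7 the Apache hunk spells the attribute `{Fleet}` while the Nginx hunk in the same patch spells it `{fleet}`; use the lowercase form in both files so the two pages stay consistent. The two hunks also disagree on "data types" (Apache) versus "datatypes" (Nginx), and the added Nginx line keeps "access logs ... and store it", which should read "store them".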
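Review bot: The Nginx hunk in PATCH 2/7 (index c9ca3b025..92ac78717) is the exact reverse of the Nginx hunk in PATCH 1/7 (index 92ac78717..c9ca3b025), so it silently drops the "legacy" wording and the pointer to the Nginx integration that 1/7 had just added, and the subject "Add apache job details" does not mention it. Leave the Nginx file out of this commit, or state in the commit message that the revert is intentional until 3/7 rewrites the page.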
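Review bot: In the new "Apache access logs" section added by the first hunk of PATCH 2/7, `source_ip_request_rate_apache` and `source_ip_url_count_apache` carry the identical summary "Detects unusual source IPs.", and `visitor_rate_apache` is described as analyzing request rates in the same words as `low_request_rate_apache`, so a reader cannot tell the jobs apart from the summaries. Name what is unusual in each summary (request rate per source IP versus distinct URL count per source IP, and what distinguishes the visitor-rate job), as the legacy bullets in the second hunk still do. The Nginx section added in 3/7 repeats the same wording and needs the same change.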
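Review bot: The first hunk of PATCH 3/7 adds an empty `Job details:::` entry and a stray "Required {beats} or {agent} integrations" block ahead of `low_request_rate_nginx::`, a doubled blank line after the `status_code_rate_nginx` details, and the misspelled attribute `{anomly-jobs}` in the legacy section intro. PATCH 4/7, 5/7 and 7/7 each repair one of these; squash those fixups into 3/7 so that no commit in the series leaves the Nginx page with a broken attribute or an empty definition-list entry.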
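Review bot: In the Apache hunk of PATCH 6/7 the summary added for `source_ip_url_count_ecs` reads "Detects unusal source IPs."; it should be "unusual". PATCH 7/7 ("Fixes typo") only touches ootb-ml-jobs-nginx.asciidoc, so this misspelling survives the whole series and needs its own fix in the Apache file.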
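Review bot: The legacy-job rewrites in PATCH 6/7 delete every "For HTTP web access logs where `event.dataset` is `apache.access`" (and `nginx.access`) bullet, and for the source-IP jobs they replace "unusually high request rates" and "unusually high distinct count of URLs" with "Detects unusual source IPs.", so the page no longer says which dataset a job reads or which side of the baseline it flags. An analyst triaging an anomaly from these jobs needs both facts; keep one bullet per job for the `event.dataset` filter and keep "high" in the source-IP summaries, in the way "Detects low request rates." already keeps the direction.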