Creating anomaly detection jobs

Anomaly detection jobs contain the configuration information and metadata necessary to perform an analytics task.

You can create anomaly detection jobs by using the Create anomaly detection jobs API. Kibana also provides the following wizards to make it easier to create jobs:

A single metric job is a simple job that contains a single detector. A detector defines the type of analysis that will occur and which fields to analyze. In addition to limiting the number of detectors, the single metric job creation wizard omits many of the more advanced configuration options.

A multi-metric job can contain more than one detector, which is more efficient than running multiple jobs against the same data.

A population job detects activity that is unusual compared to the behavior of the population. For more information, see Performing population analysis.

An advanced job can contain multiple detectors and enables you to configure all job settings.
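The job types above differ mainly in the detector list sent to the Create anomaly detection jobs API. The following is an added example, not taken from the Elastic documentation: it builds and checks the request bodies for a single metric, a multi-metric and a population job. The job IDs, the ECS field names (`http.response.body.bytes`, `source.ip`), the 15-minute bucket span and the helper names are assumptions chosen for illustration.

```python
import json

# Functions that analyze the event rate itself and so take no field_name.
COUNT_FUNCTIONS = {"count", "high_count", "low_count"}
# Functions that analyze the values of a field and so require field_name.
METRIC_FUNCTIONS = {"mean", "min", "max", "sum", "median"}

def detector(function, field_name=None, over=None):
    """One detector: the type of analysis and the fields it analyzes."""
    if function not in COUNT_FUNCTIONS | METRIC_FUNCTIONS:
        raise ValueError(f"{function} is outside the scope of this example")
    if (function in METRIC_FUNCTIONS) != bool(field_name):
        raise ValueError(f"{function}: field_name is required for metric "
                         "functions and not allowed for count functions")
    d = {"function": function}
    if field_name:
        d["field_name"] = field_name
    if over:  # over_field_name turns the detector into a population analysis
        d["over_field_name"] = over
    return d

def job_body(detectors, bucket_span="15m", influencers=None,
             time_field="@timestamp"):
    """Request body for PUT _ml/anomaly_detectors/<job_id>."""
    if not detectors:
        raise ValueError("a job needs at least one detector")
    analysis = {"bucket_span": bucket_span, "detectors": list(detectors)}
    if influencers:
        analysis["influencers"] = list(influencers)
    return {"analysis_config": analysis,
            "data_description": {"time_field": time_field}}

def console_request(job_id, body):
    """Render the request as typed into the Kibana Dev Tools console."""
    return f"PUT _ml/anomaly_detectors/{job_id}\n{json.dumps(body, indent=2)}"

# Constructed jobs over web access logs stored with ECS field names (assumed).
JOBS = {
    "access-single-metric": job_body([detector("count")]),
    "access-multi-metric": job_body(
        [detector("high_count"), detector("mean", "http.response.body.bytes")]),
    "access-population": job_body(
        [detector("high_count", over="source.ip")], influencers=["source.ip"]),
}

if __name__ == "__main__":
    for job_id, body in JOBS.items():
        print(console_request(job_id, body), end="\n\n")
```

The population job flags client addresses whose request rate is high relative to the other clients in the same bucket, rather than relative to their own history.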

Kibana can also recognize certain types of data and provide specialized wizards for that context. For example, if you use Filebeat to ship access logs from your Nginx and Apache HTTP servers to Elasticsearch and store them using fields and datatypes from the Elastic Common Schema (ECS), the following wizards appear:

A screenshot of the Filebeat job creation wizards

Likewise, if you use Auditbeat to audit process activity on your systems, the following wizards appear:

A screenshot of the Auditbeat job creation wizards

These wizards create anomaly detection jobs, dashboards, searches, and visualizations that are customized to help you analyze your Auditbeat and Filebeat data.

If you are not certain which type of job to create, you can use the Data Visualizer to learn more about your data. If your index pattern contains a time field, it can identify possible fields for machine learning analysis.

If your data is located outside of Elasticsearch, you cannot use Kibana to create your jobs and you cannot use datafeeds to retrieve your data in real time. Anomaly detection is still possible, however, by using APIs to create and manage jobs and post data to them. For more information, see Machine Learning APIs.

Ready to get some hands-on experience? See Tutorial: Getting started with machine learning.

The following video tutorials also demonstrate single metric, multi-metric, and advanced jobs: