Machine Learningedit

As datasets increase in size and complexity, the human effort required to inspect dashboards or maintain rules for spotting infrastructure problems, cyber attacks, or business issues becomes impractical. The Elastic machine learning features automatically model the normal behavior of your time series data — learning trends, periodicity, and more — in real time to identify anomalies, streamline root cause analysis, and reduce false positives.

The machine learning features run in and scale with Elasticsearch, and include an intuitive UI on the Kibana Machine Learning page for creating anomaly detection jobs and understanding results.

If you have a basic license, you can use the Data Visualizer to learn more about your data. In particular, if your data is stored in Elasticsearch and contains a time field, you can use the Data Visualizer to identify possible fields for machine learning analysis:

[preview] This functionality is in technical preview and may be changed or removed in a future release. Elastic will work to fix any issues, but features in technical preview are not subject to the support SLA of official GA features. You can also upload a CSV, NDJSON, or log file (up to 100 MB in size). The machine learning features identify the file format and field mappings. You can then optionally import that data into an Elasticsearch index.

If you have a trial or platinum license, you can create machine learning jobs and manage jobs and datafeeds from the Job Management pane:

You can use the Settings pane to create and edit calendars and the filters that are used in custom rules:

The Anomaly Explorer and Single Metric Viewer display the results of your machine learning jobs. For example:

For more information about machine learning, see Machine learning in the Elastic Stack.