Tutorial: Getting started with machine learning

Ready to get some hands-on experience with the machine learning features? This tutorial shows you how to:

  • Load a sample data set into Elasticsearch
  • Create single and multi-metric machine learning jobs in Kibana
  • Use the results to identify possible anomalies in the data

At the end of this tutorial, you should have a good idea of what machine learning is and will hopefully be inspired to use it to detect anomalies in your own data.

You might also be interested in these video tutorials, which use the same sample data:

Before you begin

  1. Install Elasticsearch and Kibana. You can follow the steps in Getting started with the Elastic Stack. Elasticsearch stores the data and the analysis results. Kibana provides a helpful user interface for creating and viewing jobs.

    To get started, you can install Elasticsearch and Kibana on a single VM or even on your laptop (requires 64-bit OS). As you add more data and your traffic grows, you’ll want to replace the single Elasticsearch instance with a cluster.

  2. Launch the Kibana web interface by pointing your browser to port 5601. For example, http://127.0.0.1:5601.
  3. Obtain a license that includes the machine learning features.

    By default, when you install Elastic Stack products, they apply basic licenses with no expiration dates. To view your license in Kibana, go to Management and click License Management.

    The License Management page in Kibana

    For more information about Elastic license levels, see https://www.elastic.co/subscriptions.

    You can start a 30-day trial to try out all of the platinum features, including security features and machine learning features. Click Start trial on the License Management page in Kibana.

    If your cluster has already activated a trial license for the current major version, you cannot start a new trial. For example, if you have already activated a trial for v6.0, you cannot start a new trial until v7.0.

    At the end of the trial period, the platinum features operate in a degraded mode. You can revert to a basic license, extend the trial, or purchase a subscription.

  4. If the Elasticsearch security features are enabled in your cluster, you need a user that has appropriate authority to perform the steps in this tutorial.

    The machine learning features use cluster privileges and built-in roles to make it easier to control which users have authority to view and manage the jobs, datafeeds, and results.

    By default, you can perform all of the steps in this tutorial by using the built-in elastic superuser. However, the password must be set before the user can do anything. For information about how to set that password, see Getting started with security.

    If you are performing these steps in a production environment, take extra care because elastic has the superuser role and you could inadvertently make significant changes to the system. You can alternatively assign the machine_learning_admin and kibana_user roles to a user ID of your choice.

    For more information, see Built-in roles and Security privileges.

  5. Optional: If you have multiple nodes in your cluster, you can dedicate nodes to specific purposes. If you want to control which nodes are machine learning nodes or limit which nodes run resource-intensive activity related to jobs, see machine learning node settings.
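The following added example (not part of the original tutorial) illustrates step 4: it builds the create-user request for an account that holds only the machine_learning_admin and kibana_user roles, then checks a user listing for accounts that hold superuser or deviate from that role set. The user name ml_tutorial, the 7.x path /_security/user (older releases use the /_xpack/security prefix), and the sample listing are assumptions made for illustration.

```python
import json

# Roles the tutorial names as the alternative to the elastic superuser.
TUTORIAL_ROLES = frozenset({"machine_learning_admin", "kibana_user"})


def create_user_request(username, password):
    """Return (method, path, JSON body) for the Elasticsearch create-user API.

    The path is the 7.x form (assumption); send it with curl or the Kibana console.
    """
    body = {"password": password, "roles": sorted(TUTORIAL_ROLES)}
    return "PUT", f"/_security/user/{username}", json.dumps(body)


def audit_roles(users, tutorial_user):
    """Audit a GET /_security/user response (a dict keyed by user name)."""
    findings = []
    for name, info in sorted(users.items()):
        if not info.get("enabled", True):
            continue  # disabled accounts cannot authenticate
        roles = set(info.get("roles", []))
        if name == tutorial_user:
            # The tutorial account should hold exactly the two named roles.
            for role in sorted(TUTORIAL_ROLES - roles):
                findings.append(f"{name}: missing {role}")
            for role in sorted(roles - TUTORIAL_ROLES):
                findings.append(f"{name}: extra role {role}")
        elif "superuser" in roles:
            findings.append(f"{name}: holds superuser")
    if tutorial_user not in users:
        findings.append(f"{tutorial_user}: user not found")
    return findings


# Constructed sample shaped like a GET /_security/user response.
SAMPLE_USERS = {
    "elastic": {"roles": ["superuser"], "enabled": True},
    "ml_tutorial": {"roles": ["machine_learning_admin", "superuser"], "enabled": True},
    "old_admin": {"roles": ["superuser"], "enabled": False},
}

if __name__ == "__main__":
    print(create_user_request("ml_tutorial", "<choose-a-password>"))
    for finding in audit_roles(SAMPLE_USERS, "ml_tutorial"):
        print(finding)
```

An empty findings list for the tutorial account means it holds exactly the two roles named in step 4.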