Creating anomaly detection jobsedit

Anomaly detection jobs contain the configuration information and metadata necessary to perform an analytics task.

You can create anomaly detection jobs by using the Create anomaly detection jobs API. Kibana also provides the following wizards to make it easier to create jobs:

A single metric job is a simple job that contains a single detector. A detector defines the type of analysis that will occur and which fields to analyze. In addition to limiting the number of detectors, the single metric job creation wizard omits many of the more advanced configuration options.

A multi-metric job can contain more than one detector, which is more efficient than running multiple jobs against the same data.

A population job detects activity that is unusual compared to the behavior of the population. For more information, see Performing population analysis.

An advanced job can contain multiple detectors and enables you to configure all job settings.

Kibana can also recognize certain types of data and provide specialized wizards for that context. For example, if you added the sample web log data set, the following wizard appears:

If you use Filebeat to ship access logs from your Nginx and Apache HTTP servers to Elasticsearch and store it using fields and datatypes from the Elastic Common Schema (ECS), the following wizards appear:

If you use Auditbeat to audit process activity on your systems, the following wizards appear:

Likewise, if you use the Metricbeat system module to monitor your servers, the following wizards appear:

These wizards create anomaly detection jobs, dashboards, searches, and visualizations that are customized to help you analyze your Auditbeat, Filebeat, and Metricbeat data.