IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
Elastic Docs Machine Learning in the Elastic Stack [7.5] Anomaly detection Supplied anomaly detection configurations
« Apache Auditbeat »

APMedit

These anomaly detection job wizards appear in Kibana if you have data from APM Agents or an APM Server stored in Elasticsearch.

abnormal_span_durations_jsbase
abnormal_span_durations_nodejs
  • For data from Elastic APM RUM JavaScript agents or Elastic APM Node.js agents (where agent.name is js-base or nodejs).
  • Models the duration of spans (partition_field_name is span.type).
  • Detects for spans that are taking longer than usual to process (using the high_mean function).
abnormal_trace_durations_nodejs
  • For data from Elastic APM Node.js agents (where agent.name is nodejs).
  • Models the duration of trace transactions.
  • Detects trace transactions that are processing slower than usual (using the high_mean function).
anomalous_error_rate_for_user_agents_jsbase
  • For data from Elastic APM RUM JavaScript agents (where agent.name is js-base).
  • Models the error rate of user agents (partition_field_name is user_agent.name).
  • Detects user agents that are encountering errors at an above normal rate (using the high_non_zero_count function).

This job can help detect browser compatibility issues.

decreased_throughput_jsbase
decreased_throughput_nodejs
  • For data from Elastic APM RUM JavaScript agents or Elastic APM Node.js agents (where agent.name is js-base or nodejs).
  • Models the transaction rate of the application.
  • Detects periods during which the application is processing fewer requests than normal (using the low_count function).
high_count_by_user_agent_jsbase
  • For data from Elastic APM RUM JavaScript agents (where agent.name is js-base).
  • Models the request rate of user agents (partition_field_name is user_agent.name).
  • Detects user agents that are making requests at a suspiciously high rate (using the high_non_zero_count function).

This job is useful in identifying bots.

high_mean_response_time
  • For transaction data where processor.event is transaction and transaction.type is request.
  • Models response time duration of transactions.
  • Detects anomalies in high mean of transaction duration (using the high_mean function).
« Apache Auditbeat »