Set up machine learning features

To use the Elastic Stack machine learning features, you must have the appropriate license and at least one machine learning node in your Elasticsearch cluster. If Elastic Stack security features are enabled, you must also ensure your users have the necessary privileges.

The fastest way to get started with machine learning features is to start a free 14-day trial of Elasticsearch Service in the cloud.

Machine learning nodes

To use machine learning features, there must be at least one machine learning node in your cluster. A machine learning node is a node that has xpack.ml.enabled and node.ml set to true, which is the default behavior.

You can limit which nodes run resource-intensive activity related to machine learning jobs by setting node.ml to false on some nodes. Those nodes can still service API requests but cannot run machine learning jobs. For more information, see Machine learning nodes.

Security privileges

The Elasticsearch security features provide built-in roles and privileges that make it easier to control which users can manage or view machine learning objects such as jobs, datafeeds, results, and model snapshots.

To view the configuration, status, and results of the machine learning features, you must have:

  • machine_learning_user or machine_learning_admin built-in roles
  • read and view_index_metadata index privileges on source indices
  • read index privileges on destination indices (for data frame analytics jobs only)

To manage machine learning features, you must have:

  • machine_learning_admin built-in role
  • read and view_index_metadata index privileges on source indices
  • read, manage, and index index privileges on destination indices (for data frame analytics jobs only)

If you use machine learning features in Kibana, you must also have:

  • kibana_admin built-in role or a custom role that grants access to Kibana
  • monitor cluster privilege to manage data frame analytics jobs

If you use the Data Visualizer to upload files in Kibana, you must also have:

  • monitor and manage_ingest_pipelines cluster privileges
  • read, manage, and index index privileges for the destination index
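
The view and manage requirements listed above can be checked against a user's assigned roles before granting access. The following is an added example, not Elastic's code: it takes role definitions in the shape of the `indices` array (`names` and `privileges`) used by Elasticsearch role definitions and reports which requirements are unmet. The role names `logs_reader` and `dfa_writer` and all index names are constructed, wildcard matching is simplified to `fnmatch`, and broader privileges such as `all` are not expanded.

```python
from fnmatch import fnmatchcase

# Requirement matrix transcribed from the view/manage lists above.
# "roles": any one suffices; "source"/"dest": required index privileges.
REQUIREMENTS = {
    "view": {"roles": {"machine_learning_user", "machine_learning_admin"},
             "source": {"read", "view_index_metadata"},
             "dest": {"read"}},
    "manage": {"roles": {"machine_learning_admin"},
               "source": {"read", "view_index_metadata"},
               "dest": {"read", "manage", "index"}},
}

def index_privs(role_defs, user_roles, index):
    """Union of index privileges the user's custom roles grant on `index`."""
    granted = set()
    for name in user_roles:
        for entry in role_defs.get(name, {}).get("indices", []):
            # Assumption: fnmatch approximates Elasticsearch index name patterns.
            if any(fnmatchcase(index, pat) for pat in entry["names"]):
                granted.update(entry["privileges"])
    return granted

def missing_privileges(task, user_roles, role_defs, source, dest=None):
    """Return a list of gaps; an empty list means the task's requirements are met."""
    req = REQUIREMENTS[task]
    gaps = []
    if not req["roles"] & set(user_roles):
        gaps.append("role: one of " + ", ".join(sorted(req["roles"])))
    for priv in sorted(req["source"] - index_privs(role_defs, user_roles, source)):
        gaps.append(f"index privilege {priv} on {source}")
    if dest is not None:  # destination indices: data frame analytics jobs only
        for priv in sorted(req["dest"] - index_privs(role_defs, user_roles, dest)):
            gaps.append(f"index privilege {priv} on {dest}")
    return gaps

# Constructed sample data: custom role definitions and two users' role lists.
ROLE_DEFS = {
    "logs_reader": {"indices": [{"names": ["logs-*"],
                                 "privileges": ["read", "view_index_metadata"]}]},
    "dfa_writer": {"indices": [{"names": ["dfa-out-*"],
                                "privileges": ["read", "manage", "index"]}]},
}
ANALYST = ["machine_learning_user", "logs_reader"]
ML_OPS = ["machine_learning_admin", "logs_reader", "dfa_writer"]

if __name__ == "__main__":
    print(missing_privileges("view", ANALYST, ROLE_DEFS, "logs-web"))
    print(missing_privileges("manage", ANALYST, ROLE_DEFS, "logs-web", "dfa-out-1"))
```

An empty result for the analyst on "view" and a non-empty one on "manage" confirms that the read-only account cannot manage jobs or write to destination indices.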