Logs anomaly detection configurations

These anomaly detection jobs appear by default in the Logs app in Kibana. For more details, see the datafeed and job definitions in the logs_ui_* folders in GitHub.

log_entry_categories_count
  • For log entry categories via the Logs UI.
  • Models the occurrences of log events per category (partition_field_name is event.dataset, so each dataset gets its own baseline and an anomaly is judged against that dataset's own history).
  • Detects anomalies in the count of log entries by category (using the count function, which flags both unusually high and unusually low counts).
log_entry_rate
  • For log entries via the Logs UI.
  • Models ingestion rates (partition_field_name is event.dataset, so a quiet dataset is not masked by a busy one).
  • Detects anomalies in the log entry ingestion rate (using the low_count function, which flags only unusually low counts: a drop or gap in ingestion is reported, a spike is not).
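The two descriptions above map onto ordinary anomaly detection job definitions. The following is an added illustration of that shape written for this page; it is not the logs_ui_* definition from GitHub. The detector functions and the event.dataset partition come from the descriptions above; the job and datafeed ids, the bucket span, the memory limit, the filebeat-* index pattern and the use of message as the categorization field are assumptions chosen for the example, and the by_field_name of mlcategory is the standard way a categorization job counts per category.

```console
PUT _ml/anomaly_detectors/example_log_entry_categories_count
{
  "description": "Example: counts log entries per ML category, per dataset (not the logs_ui_* job)",
  "analysis_config": {
    "bucket_span": "15m",
    "categorization_field_name": "message",
    "detectors": [
      {
        "detector_description": "count by mlcategory partitionfield=event.dataset",
        "function": "count",
        "by_field_name": "mlcategory",
        "partition_field_name": "event.dataset"
      }
    ]
  },
  "analysis_limits": { "model_memory_limit": "100mb" },
  "data_description": { "time_field": "@timestamp" }
}

PUT _ml/anomaly_detectors/example_log_entry_rate
{
  "description": "Example: low_count reports drops in ingestion per dataset, never spikes (not the logs_ui_* job)",
  "analysis_config": {
    "bucket_span": "15m",
    "detectors": [
      {
        "detector_description": "low_count partitionfield=event.dataset",
        "function": "low_count",
        "partition_field_name": "event.dataset"
      }
    ]
  },
  "analysis_limits": { "model_memory_limit": "10mb" },
  "data_description": { "time_field": "@timestamp" }
}

PUT _ml/datafeeds/datafeed-example_log_entry_rate
{
  "job_id": "example_log_entry_rate",
  "indices": ["filebeat-*"],
  "query": {
    "bool": {
      "filter": [
        { "exists": { "field": "event.dataset" } }
      ]
    }
  }
}
```

The exists filter in the datafeed is the practical caveat behind partition_field_name: a document with no event.dataset value contributes nothing to the analysis, so logs that are ingested without that field are invisible to both jobs and should be given a dataset name at ingest time rather than left to fall through.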