Anomaly detection jobsedit

Anomaly detection jobs contain the configuration information and metadata necessary to perform an analytics task.

Each anomaly detection job has one or more detectors. A detector applies an analytical function to specific fields in your data. For more information about the types of analysis you can perform, see Function reference.

A job can also contain properties that affect which types of entities or events are considered anomalous. For example, you can specify whether entities are analyzed relative to their own previous behavior or relative to other entities in a population. There are also multiple options for splitting the data into categories and partitions. Some of these more advanced job configurations are described in the following section: Examples.

For a description of all the job properties, see the create anomaly detection jobs API.

In Kibana, there are wizards that help you create specific types of jobs, such as single metric, multi-metric, and population jobs. A single metric job is just a job with a single detector and limited job properties. To have access to all of the job properties in Kibana, you must choose the advanced job wizard.

Example screenshot from the single metric job wizard in Kibana

You can also optionally assign jobs to one or more job groups. You can use job groups to view the results from multiple jobs more easily and to expedite administrative tasks by opening or closing multiple jobs at once.