Ready to get some hands-on experience with the X-Pack machine learning features? This tutorial shows you how to:
- Load a sample data set into Elasticsearch
- Create single and multi-metric machine learning jobs in Kibana
- Use the results to identify possible anomalies in the data
At the end of this tutorial, you should have a good idea of what machine learning is and will hopefully be inspired to use it to detect anomalies in your own data.
You might also be interested in these video tutorials, which use the same sample data:
Install the Elastic Stack. To follow the steps in this tutorial, you will need the following components of the Elastic Stack:
- Elasticsearch 6.2.4, which stores the data and the analysis results
- X-Pack 6.2.4, which includes the machine learning features for both Elasticsearch and Kibana
- Kibana 6.2.4, which provides a helpful user interface for creating and viewing jobs
See the Elastic Support Matrix for information about supported operating systems.
See Installing the Elastic Stack for information about installing each of the components.
To get started, you can install Elasticsearch and Kibana on a single VM or even on your laptop (requires 64-bit OS). As you add more data and your traffic grows, you’ll want to replace the single Elasticsearch instance with a cluster.
When you install X-Pack into Elasticsearch and Kibana, the machine learning features are enabled by default. If you have multiple nodes in your cluster, you can optionally dedicate nodes to specific purposes. If you want to control which nodes are machine learning nodes or limit which nodes run resource-intensive activity related to jobs, see X-Pack Settings.
- Launch the Kibana web interface by pointing your browser to port 5601. For example, http://127.0.0.1:5601.
- Obtain a license that includes the machine learning features. For more information about Elastic license levels, see https://www.elastic.co/subscriptions. If you want to try all of the X-Pack features, you can start a 30-day trial. See License Management.
If X-Pack security is enabled in your cluster, you need a user that has appropriate authority to perform the steps in this tutorial.
By default, you can perform all of the steps in this tutorial by using the built-in
elasticsuper user. However, the password must be set before the user can do anything. For information about how to set that password, see Getting Started with Security.
If you are performing these steps in a production environment, take extra care because
superuserrole and you could inadvertently make significant changes to the system. You can alternatively assign the
kibana_userroles to a user ID of your choice.