Ready to get some hands-on experience with the X-Pack machine learning features? This tutorial shows you how to:
- Load a sample data set into Elasticsearch
- Create single and multi-metric machine learning jobs in Kibana
- Use the results to identify possible anomalies in the data
At the end of this tutorial, you should have a good idea of what machine learning is and will hopefully be inspired to use it to detect anomalies in your own data.
You might also be interested in these video tutorials, which use the same sample data:
To follow the steps in this tutorial, you will need the following components of the Elastic Stack:
- Elasticsearch 6.2.2, which stores the data and the analysis results
- X-Pack 6.2.2, which includes the machine learning features for both Elasticsearch and Kibana
- Kibana 6.2.2, which provides a helpful user interface for creating and viewing jobs
See the Elastic Support Matrix for information about supported operating systems.
See Installing the Elastic Stack for information about installing each of the components.
To get started, you can install Elasticsearch and Kibana on a single VM or even on your laptop (requires 64-bit OS). As you add more data and your traffic grows, you’ll want to replace the single Elasticsearch instance with a cluster.
When you install X-Pack into Elasticsearch and Kibana, the machine learning features are enabled by default. If you have multiple nodes in your cluster, you can optionally dedicate nodes to specific purposes. If you want to control which nodes are machine learning nodes or limit which nodes run resource-intensive activity related to jobs, see X-Pack Settings.
The X-Pack machine learning features implement cluster privileges and built-in roles to make it easier to control which users have authority to view and manage the jobs, datafeeds, and results.
By default, you can perform all of the steps in this tutorial by using the
elastic super user. However, the password must be set before the user
can do anything. For information about how to set that password, see
Getting Started with Security.
If you are performing these steps in a production environment, take extra care
elastic has the
superuser role and you could inadvertently make
significant changes to the system. You can alternatively assign the
kibana_user roles to a user ID of your choice.