Merge remote-tracking branch 'upstream/master' into 42771-log-rate-re…

…sults-screen
elastic · Aug 14, 2019 · e662f48 · e662f48
2 parents 80ba0c3 + 054d4e5
commit e662f48
Show file tree

Hide file tree

Showing 5 changed files with 82 additions and 0 deletions.
diff --git a/x-pack/legacy/plugins/ml/server/models/data_recognizer/__tests__/data_recognizer.js b/x-pack/legacy/plugins/ml/server/models/data_recognizer/__tests__/data_recognizer.js
@@ -17,6 +17,7 @@ describe('ML - data recognizer', () => {
     'apm_transaction',
     'auditbeat_process_docker_ecs',
     'auditbeat_process_hosts_ecs',
+    'logs_ui_analysis',
     'metricbeat_system_ecs',
     'nginx_ecs',
     'sample_data_ecommerce',

diff --git a/x-pack/legacy/plugins/ml/server/models/data_recognizer/modules/logs_ui_analysis/logo.json b/x-pack/legacy/plugins/ml/server/models/data_recognizer/modules/logs_ui_analysis/logo.json
@@ -0,0 +1,3 @@
+{
+  "icon": "loggingApp"
+}
diff --git a/...ck/legacy/plugins/ml/server/models/data_recognizer/modules/logs_ui_analysis/manifest.json b/...ck/legacy/plugins/ml/server/models/data_recognizer/modules/logs_ui_analysis/manifest.json
@@ -0,0 +1,20 @@
+{
+  "id": "logs_ui_analysis",
+  "title": "Log Analysis",
+  "description": "Detect anomalies in log entries via the Logs UI",
+  "type": "Logs",
+  "logoFile": "logo.json",
+  "jobs": [
+    {
+      "id": "log-entry-rate",
+      "file": "log_entry_rate.json"
+    }
+  ],
+  "datafeeds": [
+    {
+      "id": "datafeed-log-entry-rate",
+      "file": "datafeed_log_entry_rate.json",
+      "job_id": "log-entry-rate"
+    }
+  ]
+}
diff --git a/...ml/server/models/data_recognizer/modules/logs_ui_analysis/ml/datafeed_log_entry_rate.json b/...ml/server/models/data_recognizer/modules/logs_ui_analysis/ml/datafeed_log_entry_rate.json
@@ -0,0 +1,28 @@
+{
+  "job_id": "JOB_ID",
+  "indexes": ["INDEX_PATTERN_NAME"],
+  "aggregations": {
+    "buckets": {
+      "date_histogram": {
+        "field": "@timestamp",
+        "fixed_interval": "900000ms"
+      },
+      "aggregations": {
+        "doc_count_per_minute": {
+          "bucket_script": {
+            "buckets_path": {
+              "doc_count": "_count"
+            },
+            "script": {
+              "lang": "painless",
+              "params": {
+                "bucket_span_in_ms": 900000
+              },
+              "source": "60 * 1000 * params.doc_count / params.bucket_span_in_ms"
+            }
+          }
+        }
+      }
+    }
+  }
+}
diff --git a/.../plugins/ml/server/models/data_recognizer/modules/logs_ui_analysis/ml/log_entry_rate.json b/.../plugins/ml/server/models/data_recognizer/modules/logs_ui_analysis/ml/log_entry_rate.json
@@ -0,0 +1,30 @@
+{
+  "job_type": "anomaly_detector",
+  "description": "Detect anomalies in the log entry ingestion rate",
+  "groups": ["logs-ui"],
+  "analysis_config": {
+    "bucket_span": "15m",
+    "summary_count_field_name": "doc_count_per_minute",
+    "detectors": [
+      {
+        "detector_description": "count",
+        "function": "count",
+        "detector_index": 0
+      }
+    ],
+    "influencers": []
+  },
+  "analysis_limits": {
+    "model_memory_limit": "10mb"
+  },
+  "data_description": {
+    "time_field": "@timestamp",
+    "time_format": "epoch_ms"
+  },
+  "model_plot_config": {
+    "enabled": true
+  },
+  "custom_settings": {
+    "created_by": "ml-module-logs-ui-analysis"
+  }
+}