Home Explore Help
Register Sign In
lqb
/
elasticsearch
mirror of https://gitee.com/mirrors/elasticsearch.git
1
0
Fork 0
Files Issues 0 Wiki
Browse Source

[DOCS] Refreshes population job examples (#36101)

Lisa Cawley 6 years ago
parent
54facbe325
commit
c24be278e4
4 changed files with 13 additions and 12 deletions
Split View Show Diff Stats
  1. BIN
      docs/reference/ml/images/ml-population-anomaly.jpg
  2. BIN
      docs/reference/ml/images/ml-population-job.jpg
  3. BIN
      docs/reference/ml/images/ml-population-results.jpg
  4. 13 12
      docs/reference/ml/populations.asciidoc

BIN
docs/reference/ml/images/ml-population-anomaly.jpg
View File


BIN
docs/reference/ml/images/ml-population-job.jpg
View File


BIN
docs/reference/ml/images/ml-population-results.jpg
View File


+ 13 - 12
docs/reference/ml/populations.asciidoc
View File 

@@ -32,33 +32,34 @@ PUT _xpack/ml/anomaly_detectors/population
 
 {
 
   "description" : "Population analysis",
 
   "analysis_config" : {
 
-    "bucket_span":"10m",
 
+    "bucket_span":"15m",
 
     "influencers": [
 
-      "username"
 
+      "clientip"
 
     ],
 
     "detectors": [
 
       {
 
         "function": "mean",
 
-        "field_name": "bytesSent",
 
-        "over_field_name": "username" <1>
 
+        "field_name": "bytes",
 
+        "over_field_name": "clientip" <1>
 
       }
 
     ]
 
   },
 
   "data_description" : {
 
-    "time_field":"@timestamp",
 
+    "time_field":"timestamp",
 
     "time_format": "epoch_ms"
 
   }
 
 }
 
 ----------------------------------
 
 //CONSOLE
 
 // TEST[skip:needs-licence]
 
-<1> This `over_field_name` property indicates that the metrics for each user (
 
-  as identified by their `username` value) are analyzed relative to other users
 
+<1> This `over_field_name` property indicates that the metrics for each client (
 
+  as identified by their IP address) are analyzed relative to other clients
 
   in each bucket.
 
 
 If your data is stored in {es}, you can use the population job wizard in {kib}
 
-to create a job with these same properties. For example, the population job
 
-wizard provides the following job settings:
 
+to create a job with these same properties. For example, if you add the sample
 
+web logs in {kib}, you can use the following job settings in the population job
 
+wizard:
 
 
 [role="screenshot"]
 
 image::images/ml-population-job.jpg["Job settings in the population job wizard]
 
@@ -81,6 +82,6 @@ details about the anomalies:
 
 [role="screenshot"]
 
 image::images/ml-population-anomaly.jpg["Anomaly details for a specific user"]
 
 
-In this example, the user identified as `antonette` sent a high volume of bytes
 
-on the date and time shown. This event is anomalous because the mean is two times
 
-higher than the expected behavior of the population.
 
+In this example, the client IP address `29.64.62.83` received a high volume of
 
+bytes on the date and time shown. This event is anomalous because the mean is
 
+three times higher than the expected behavior of the population.