|
|
@@ -36,16 +36,6 @@ In *{stack-manage-app} > {rules-ui}*, you can create both types of {ml} rules:
|
|
|
image::images/ml-rule.png["Creating a new machine learning rule",500]
|
|
|
// NOTE: This is an autogenerated screenshot. Do not edit it directly.
|
|
|
|
|
|
-When you create a {ml} rule, you must provide a time interval for the rule to
|
|
|
-check detected anomalies or job health changes. It is recommended to select an
|
|
|
-interval that is close to the bucket span of the job.
|
|
|
-
|
|
|
-You must also select a notification option, which affects how often alerts
|
|
|
-generate actions. Options include running actions at each check interval, only
|
|
|
-when the alert status changes, or at a custom action interval. For more
|
|
|
-information about these options, refer to the
|
|
|
-{kibana-ref}/create-and-manage-rules.html#defining-rules-general-details[General rule details].
|
|
|
-
|
|
|
In the *{ml-app}* app, you can create only {anomaly-detect} alert rules; create
|
|
|
them from the {anomaly-job} wizard after you start the job or from the
|
|
|
{anomaly-job} list.
|
|
|
@@ -90,10 +80,11 @@ the sample results by providing a valid interval for your data. The generated
|
|
|
preview contains the number of potentially created alerts during the relative
|
|
|
time range you defined.
|
|
|
|
|
|
-As the last step in the rule creation process,
|
|
|
-<<defining-actions, define the actions>> that occur when the conditions
|
|
|
-are met.
|
|
|
+TIP: You must also provide a _check interval_ that defines how often to
|
|
|
+evaluate the rule conditions. It is recommended to select an interval that is
|
|
|
+close to the bucket span of the job.
|
|
|
|
|
|
+As the last step in the rule creation process, <<defining-actions,define its actions>>.
|
|
|
|
|
|
[[creating-anomaly-jobs-health-rules]]
|
|
|
=== {anomaly-jobs-cap} health
|
|
|
@@ -117,8 +108,8 @@ _Datafeed is not started_::
|
|
|
_Model memory limit reached_::
|
|
|
Notifies if the model memory status of the job reaches the soft or hard model
|
|
|
memory limit. Optimize your job by following
|
|
|
- <<detector-configuration, these guidelines>> or consider
|
|
|
- <<set-model-memory-limit, amending the model memory limit>>.
|
|
|
+ <<detector-configuration,these guidelines>> or consider
|
|
|
+ <<set-model-memory-limit,amending the model memory limit>>.
|
|
|
_Data delay has occurred_::
|
|
|
Notifies when the job missed some data. You can define the threshold for the
|
|
|
amount of missing documents you get alerted on by setting
|
|
|
@@ -135,24 +126,41 @@ _Errors in job messages_::
|
|
|
image::images/ml-health-check-config.png["Selecting health checkers",500]
|
|
|
// NOTE: This is an autogenerated screenshot. Do not edit it directly.
|
|
|
|
|
|
-As the last step in the rule creation process,
|
|
|
-<<defining-actions, define the actions>> that occur when the conditions
|
|
|
-are met.
|
|
|
+TIP: You must also provide a _check interval_ that defines how often to
|
|
|
+evaluate the rule conditions. It is recommended to select an interval that is
|
|
|
+close to the bucket span of the job.
|
|
|
+
|
|
|
+As the last step in the rule creation process, define its actions.
|
|
|
|
|
|
|
|
|
[[defining-actions]]
|
|
|
== Defining actions
|
|
|
|
|
|
-Your rule can use connectors, which are {kib} services or supported third-party
|
|
|
-integrations that run actions when the rule conditions are met or when the
|
|
|
-alert is recovered. For details about creating connectors, refer to
|
|
|
+//tag::define-actions[]
|
|
|
+You can add one or more actions to your rule to generate notifications when its
|
|
|
+conditions are met and when they are no longer met.
|
|
|
+
|
|
|
+Each action uses a connector, which stores connection information for a {kib}
|
|
|
+service or supported third-party integration, depending on where you want to
|
|
|
+send the notifications. For example, you can use a Slack connector to send a
|
|
|
+message to a channel. Or you can use an index connector that writes an JSON
|
|
|
+object to a specific index. For details about creating connectors, refer to
|
|
|
{kibana-ref}/action-types.html[Connectors].
|
|
|
|
|
|
-For example, you can use a Slack connector to send a message to a channel. Or
|
|
|
-you can use an index connector that writes an JSON object to a specific index.
|
|
|
-It's also possible to customize the notification messages. There is a set of
|
|
|
-variables that you can include in the message depending on the rule type; refer
|
|
|
-to <<action-variables>>.
|
|
|
+You must set the action frequency, which involves choosing how often to run
|
|
|
+the action (for example, at each check interval, only when the alert status
|
|
|
+changes, or at a custom action interval). Each rule type also has a list of
|
|
|
+valid action groups and you must choose one of these groups (for example, the
|
|
|
+action runs when the issue is detected or when it is recovered).
|
|
|
+
|
|
|
+TIP: If you choose a custom action interval, it cannot be shorter than the
|
|
|
+rule's check interval.
|
|
|
+
|
|
|
+//end::define-actions[]
|
|
|
+
|
|
|
+It's also possible to customize the notification messages for each action. There
|
|
|
+is a set of variables that you can include in the message depending on the rule
|
|
|
+type; refer to <<action-variables>>.
|
|
|
|
|
|
[role="screenshot"]
|
|
|
image::images/ml-anomaly-alert-messages.png["Customizing your message",500]
|
Lisa Cawley
