2017-06-27 16:30:15 -04:00
|
|
|
[[ml-gs-next]]
|
|
|
|
=== Next Steps
|
|
|
|
|
|
|
|
By completing this tutorial, you've learned how you can detect anomalous
|
|
|
|
behavior in a simple set of sample data. You created single and multi-metric
|
|
|
|
jobs in {kib}, which creates and opens jobs and creates and starts {dfeeds} for
|
|
|
|
you under the covers. You examined the results of the {ml} analysis in the
|
2018-01-19 15:43:58 -05:00
|
|
|
**Single Metric Viewer** and **Anomaly Explorer** in {kib}. You also
|
|
|
|
extrapolated the future behavior of a job by creating a forecast.
|
2017-06-27 16:30:15 -04:00
|
|
|
|
|
|
|
If you want to learn about advanced job options, you might be interested in
|
|
|
|
the following video tutorial:
|
|
|
|
https://www.elastic.co/videos/machine-learning-lab-3-detect-outliers-in-a-population[Machine Learning Lab 3 - Detect Outliers in a Population].
|
|
|
|
|
|
|
|
If you intend to use {ml} APIs in your applications, a good next step might be
|
|
|
|
to learn about the APIs by retrieving information about these sample jobs.
|
|
|
|
For example, the following APIs retrieve information about the jobs and {dfeeds}.
|
|
|
|
|
|
|
|
[source,js]
|
|
|
|
--------------------------------------------------
|
|
|
|
GET _xpack/ml/anomaly_detectors
|
|
|
|
|
|
|
|
GET _xpack/ml/datafeeds
|
|
|
|
--------------------------------------------------
|
|
|
|
// CONSOLE
|
|
|
|
|
|
|
|
For more information about the {ml} APIs, see <<ml-api-quickref>>.
|
|
|
|
|
|
|
|
Ultimately, the next step is to start applying {ml} to your own data.
|
|
|
|
As mentioned in <<ml-gs-data>>, there are three things to consider when you're
|
|
|
|
thinking about where {ml} will be most impactful:
|
|
|
|
|
|
|
|
. It must be time series data.
|
|
|
|
. It should be information that contains key performance indicators for the
|
|
|
|
health, security, or success of your business or system. The better you know the
|
|
|
|
data, the quicker you will be able to create jobs that generate useful
|
|
|
|
insights.
|
|
|
|
. Ideally, the data is located in {es} and you can therefore create a {dfeed}
|
|
|
|
that retrieves data in real time. If your data is outside of {es}, you
|
|
|
|
cannot use {kib} to create your jobs and you cannot use {dfeeds}. Machine
|
|
|
|
learning analysis is still possible, however, by using APIs to create and manage
|
2018-01-19 15:43:58 -05:00
|
|
|
jobs and to post data to them.
|
2017-06-27 16:30:15 -04:00
|
|
|
|
|
|
|
Once you have decided which data to analyze, you can start considering which
|
2018-01-19 15:43:58 -05:00
|
|
|
analysis functions you want to use. For more information, see <<ml-functions>>.
|
2017-06-27 16:30:15 -04:00
|
|
|
|
|
|
|
In general, it is a good idea to start with single metric jobs for your
|
|
|
|
key performance indicators. After you examine these simple analysis results,
|
|
|
|
you will have a better idea of what the influencers might be. You can create
|
|
|
|
multi-metric jobs and split the data or create more complex analysis functions
|
2018-01-19 15:43:58 -05:00
|
|
|
as necessary. For examples of more complicated configuration options, see
|
|
|
|
<<ml-configuring>>.
|
2017-06-27 16:30:15 -04:00
|
|
|
|
2018-05-31 20:02:18 -04:00
|
|
|
If you encounter problems, we're here to help. See <<help>> and
|
2017-06-27 16:30:15 -04:00
|
|
|
<<ml-troubleshooting>>.
|