OpenSearch/docs/en/ml/getting-started.asciidoc

86 lines
3.4 KiB
Plaintext
Raw Normal View History

[[ml-getting-started]]
== Getting Started
////
{xpackml} features automatically detect:
* Anomalies in single or multiple time series
* Outliers in a population (also known as _entity profiling_)
* Rare events (also known as _log categorization_)
This tutorial is focuses on an anomaly detection scenario in single time series.
////
Ready to get some hands-on experience with the {xpackml} features? This
tutorial shows you how to:
* Load a sample data set into {es}
* Create single and multi-metric {ml} jobs in {kib}
* Use the results to identify possible anomalies in the data
At the end of this tutorial, you should have a good idea of what {ml} is and
will hopefully be inspired to use it to detect anomalies in your own data.
You might also be interested in these video tutorials, which use the same sample
data:
* https://www.elastic.co/videos/machine-learning-tutorial-creating-a-single-metric-job[Machine Learning for the Elastic Stack: Creating a single metric job]
* https://www.elastic.co/videos/machine-learning-tutorial-creating-a-multi-metric-job[Machine Learning for the Elastic Stack: Creating a multi-metric job]
[float]
[[ml-gs-sysoverview]]
=== System Overview
To follow the steps in this tutorial, you will need the following
components of the Elastic Stack:
* {es} {version}, which stores the data and the analysis results
* {xpack} {version}, which includes the {ml} features for both {es} and {kib}
* {kib} {version}, which provides a helpful user interface for creating and
viewing jobs +
//ll {ml} features are available to use as an API, however this tutorial
//will focus on using the {ml} tab in the {kib} UI.
See the https://www.elastic.co/support/matrix[Elastic Support Matrix] for
information about supported operating systems.
See {stack-ref}/installing-elastic-stack.html[Installing the Elastic Stack] for
information about installing each of the components.
NOTE: To get started, you can install {es} and {kib} on a
single VM or even on your laptop (requires 64-bit OS).
As you add more data and your traffic grows,
you'll want to replace the single {es} instance with a cluster.
When you install {xpack} into {es} and {kib}, the {ml} features are
enabled by default. If you have multiple nodes in your cluster, you can
optionally dedicate nodes to specific purposes. If you want to control which
nodes are _machine learning nodes_ or limit which nodes run resource-intensive
activity related to jobs, see <<xpack-settings>>.
[float]
[[ml-gs-users]]
==== Users, Roles, and Privileges
The {xpackml} features implement cluster privileges and built-in roles to
make it easier to control which users have authority to view and manage the jobs,
{dfeeds}, and results.
By default, you can perform all of the steps in this tutorial by using the
built-in `elastic` super user. However, the password must be set before the user
can do anything. For information about how to set that password, see
<<security-getting-started>>.
If you are performing these steps in a production environment, take extra care
because `elastic` has the `superuser` role and you could inadvertently make
significant changes to the system. You can alternatively assign the
`machine_learning_admin` and `kibana_user` roles to a user ID of your choice.
For more information, see <<built-in-roles>> and <<privileges-list-cluster>>.
include::getting-started-data.asciidoc[]
include::getting-started-single.asciidoc[]
include::getting-started-multi.asciidoc[]
include::getting-started-next.asciidoc[]