From 10827033c5beac283ef0ca7367c93563c4176652 Mon Sep 17 00:00:00 2001 From: Lisa Cawley Date: Mon, 22 Jan 2018 13:52:47 -0800 Subject: [PATCH] [DOCS] Added information about overall bucket scores (elastic/x-pack-elasticsearch#3333) Original commit: elastic/x-pack-elasticsearch@68efc63f25f8688f5099359114eabe34a04d3b4d --- docs/en/ml/buckets.asciidoc | 32 +++++++++++++++++++++++--------- docs/en/ml/overview.asciidoc | 2 +- 2 files changed, 24 insertions(+), 10 deletions(-) diff --git a/docs/en/ml/buckets.asciidoc b/docs/en/ml/buckets.asciidoc index fb69abe0cec..89d7ea8cdea 100644 --- a/docs/en/ml/buckets.asciidoc +++ b/docs/en/ml/buckets.asciidoc @@ -1,12 +1,26 @@ -[float] [[ml-buckets]] === Buckets +++++ +Buckets +++++ -The {xpackml} features use the concept of a bucket to divide the time -series into batches for processing. The _bucket span_ is part of the -configuration information for a job. It defines the time interval that is used -to summarize and model the data. This is typically between 5 minutes to 1 hour -and it depends on your data characteristics. When you set the bucket span, -take into account the granularity at which you want to analyze, the frequency -of the input data, the typical duration of the anomalies, and the frequency at -which alerting is required. +The {xpackml} features use the concept of a _bucket_ to divide the time series +into batches for processing. + +The _bucket span_ is part of the configuration information for a job. It defines +the time interval that is used to summarize and model the data. This is +typically between 5 minutes to 1 hour and it depends on your data characteristics. +When you set the bucket span, take into account the granularity at which you +want to analyze, the frequency of the input data, the typical duration of the +anomalies, and the frequency at which alerting is required. + +When you view your {ml} results, each bucket has an anomaly score. This score is +a statistically aggregated and normalized view of the combined anomalousness of +all the record results in the bucket. If you have more than one job, you can +also obtain overall bucket results, which combine and correlate anomalies from +multiple jobs into an overall score. When you view the results for jobs groups +in {kib}, it provides the overall bucket scores. + +For more information, see +{ref}/ml-results-resource.html[Results Resources] and +{ref}/ml-get-overall-buckets.html[Get Overall Buckets API]. diff --git a/docs/en/ml/overview.asciidoc b/docs/en/ml/overview.asciidoc index 7c58774188b..a13fb58f1f6 100644 --- a/docs/en/ml/overview.asciidoc +++ b/docs/en/ml/overview.asciidoc @@ -3,6 +3,7 @@ include::analyzing.asciidoc[] include::forecasting.asciidoc[] +include::buckets.asciidoc[] include::calendars.asciidoc[] [[ml-concepts]] @@ -16,5 +17,4 @@ concepts from the outset will tremendously help ease the learning process. include::jobs.asciidoc[] include::datafeeds.asciidoc[] -include::buckets.asciidoc[] include::architecture.asciidoc[]