From 37c29a4006703a9aa3f1bde4f6973d6768029112 Mon Sep 17 00:00:00 2001 From: Lisa Cawley Date: Thu, 16 Nov 2017 10:00:40 -0800 Subject: [PATCH] [DOCS] Add categorization limitation (elastic/x-pack-elasticsearch#3022) Original commit: elastic/x-pack-elasticsearch@387d7cf939799f924348b209cb0cdcdcece8db43 --- docs/en/ml/categories.asciidoc | 13 +++++++++---- docs/en/ml/limitations.asciidoc | 7 +++++++ 2 files changed, 16 insertions(+), 4 deletions(-) diff --git a/docs/en/ml/categories.asciidoc b/docs/en/ml/categories.asciidoc index 43c8dd85242..d2c1ac2503f 100644 --- a/docs/en/ml/categories.asciidoc +++ b/docs/en/ml/categories.asciidoc @@ -11,10 +11,15 @@ example: //NOTCONSOLE You can use {ml} to observe the static parts of the message, cluster similar -messages together, and classify them into message categories. The {ml} model -learns what volume and pattern is normal for each category over time. You can -then detect anomalies and surface rare events or unusual types of messages by -using count or rare functions. For example: +messages together, and classify them into message categories. + +NOTE: Categorization uses English tokenization rules and dictionary words in +order to identify log message categories. As such, only English language log +messages are supported. + +The {ml} model learns what volume and pattern is normal for each category over +time. You can then detect anomalies and surface rare events or unusual types of +messages by using count or rare functions. For example: //Obtained from it_ops_new_app_logs.sh [source,js] diff --git a/docs/en/ml/limitations.asciidoc b/docs/en/ml/limitations.asciidoc index 85d54be886e..60fc7cafa5f 100644 --- a/docs/en/ml/limitations.asciidoc +++ b/docs/en/ml/limitations.asciidoc @@ -4,6 +4,13 @@ The following limitations and known problems apply to the {version} release of {xpack}: +[float] +=== Categorization uses English tokenization rules and dictionary words +//See x-pack-elasticsearch/#3021 +Categorization identifies static parts of unstructured logs and groups similar +messages together. This is currently supported only for English language log +messages. + [float] === Pop-ups must be enabled in browsers //See x-pack-elasticsearch/#844