diff --git a/x-pack/docs/en/ml/detector-custom-rules.asciidoc b/x-pack/docs/en/ml/detector-custom-rules.asciidoc index e0ca3605284..8513c7e4d25 100644 --- a/x-pack/docs/en/ml/detector-custom-rules.asciidoc +++ b/x-pack/docs/en/ml/detector-custom-rules.asciidoc @@ -1,11 +1,11 @@ [role="xpack"] [[ml-configuring-detector-custom-rules]] -=== Customizing detectors with rules and filters +=== Customizing detectors with custom rules -<> enable you to change the behavior of anomaly +<> enable you to change the behavior of anomaly detectors based on domain-specific knowledge. -Rules describe _when_ a detector should take a certain _action_ instead +Custom rules describe _when_ a detector should take a certain _action_ instead of following its default behavior. To specify the _when_ a rule uses a `scope` and `conditions`. You can think of `scope` as the categorical specification of a rule, while `conditions` are the numerical part. @@ -14,7 +14,7 @@ scope and conditions. Let us see how those can be configured by examples. -==== Specifying rule scope +==== Specifying custom rule scope Let us assume we are configuring a job in order to detect DNS data exfiltration. Our data contain fields "subdomain" and "highest_registered_domain". @@ -127,7 +127,7 @@ PUT _xpack/ml/anomaly_detectors/scoping_multiple_fields Such a detector will skip results when the values of all 3 scoped fields are included in the referenced filters. -==== Specifying rule conditions +==== Specifying custom rule conditions Imagine a detector that looks for anomalies in CPU utilization. Given a machine that is idle for long enough, small movement in CPU could 
@@ -206,9 +206,9 @@ PUT _xpack/ml/anomaly_detectors/rule_with_range ---------------------------------- // CONSOLE -==== Rules in the life-cycle of a job +==== Custom rules in the life-cycle of a job -Rules only affect results created after the rules were applied. +Custom rules only affect results created after the rules were applied. Let us imagine that we have configured a job and it has been running for some time. After observing its results we decide that we can employ rules in order to get rid of some uninteresting results. We can use @@ -216,7 +216,7 @@ the {ref}/ml-update-job.html[update job API] to do so. However, the rule we added will only be in effect for any results created from the moment we added the rule onwards. Past results will remain unaffected. -==== Using rules VS filtering data +==== Using custom rules VS filtering data It might appear like using rules is just another way of filtering the data that feeds into a job. For example, a rule that skips results when the diff --git a/x-pack/docs/en/rest-api/ml/filterresource.asciidoc b/x-pack/docs/en/rest-api/ml/filterresource.asciidoc index 64768da4911..e942447c1ee 100644 --- a/x-pack/docs/en/rest-api/ml/filterresource.asciidoc +++ b/x-pack/docs/en/rest-api/ml/filterresource.asciidoc @@ -13,4 +13,4 @@ A filter resource has the following properties: `items`:: (array of strings) An array of strings which is the filter item list. -For more information, see {stack-ov}/ml-rules.html[Machine learning rules and filters]. +For more information, see {stack-ov}/ml-rules.html[Machine learning custom rules]. diff --git a/x-pack/docs/en/rest-api/ml/get-filter.asciidoc b/x-pack/docs/en/rest-api/ml/get-filter.asciidoc index 89f40cf3312..b4699e9d622 100644 --- a/x-pack/docs/en/rest-api/ml/get-filter.asciidoc +++ b/x-pack/docs/en/rest-api/ml/get-filter.asciidoc 
@@ -18,7 +18,7 @@ Retrieves filters. ===== Description You can get a single filter or all filters. For more information, see -{stack-ov}/ml-rules.html[Machine learning rules and filters]. +{stack-ov}/ml-rules.html[Machine learning custom rules]. ==== Path Parameters diff --git a/x-pack/docs/en/rest-api/ml/jobresource.asciidoc b/x-pack/docs/en/rest-api/ml/jobresource.asciidoc index 7cccbb83ac0..5b109b1c21d 100644 --- a/x-pack/docs/en/rest-api/ml/jobresource.asciidoc +++ b/x-pack/docs/en/rest-api/ml/jobresource.asciidoc @@ -265,7 +265,7 @@ NOTE: The `field_name` cannot contain double quotes or backslashes. when there is no value for the by or partition fields. The default value is `false`. `custom_rules`:: - (array) An array of rule objects, which enable customizing how the detector works. + (array) An array of custom rule objects, which enable customizing how the detector works. For example, a rule may dictate to the detector conditions under which results should be skipped. For more information see <>. + + @@ -420,7 +420,7 @@ For more information, see {stack-ov}/ml-rules.html[Custom rules] enable you to customize the way detectors operate. -A rule has the following properties: +A custom rule has the following properties: `actions`:: (array) The set of actions to be triggered when the rule applies.
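Review bot: In x-pack/docs/en/ml/detector-custom-rules.asciidoc (hunk @@ -1,11 +1,11), the new title "=== Customizing detectors with custom rules" repeats "custom" and no longer mentions filters. The page still relies on filters for rule scope: the context at @@ -127,7 reads "included in the referenced filters". Consider a title without the repetition, and keep a mention of filters in the title or the opening paragraph so readers looking for filter-based scoping can still find this page.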
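Review bot: In the hunks at @@ -206,9 and @@ -216,7 of detector-custom-rules.asciidoc the rename is only partly applied. The changed line reads "Custom rules only affect results created after the rules were applied", while the surrounding unchanged text still says "employ rules", "the rule we added" and "using rules is just another way". If "rules" is the intended short form after the first mention, that is fine, but the headings and the body should follow one convention. Since the heading "==== Using custom rules VS filtering data" is being edited anyway, the uppercase "VS" could become "vs." in the same change.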
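Review bot: In x-pack/docs/en/rest-api/ml/filterresource.asciidoc and get-filter.asciidoc the link text changes from "Machine learning rules and filters" to "Machine learning custom rules", but both pages document filters, so the link text no longer tells the reader why a filter page points there. Suggest wording that keeps the connection, for example stating that filters are referenced from custom rules. The target stays {stack-ov}/ml-rules.html in every hunk, including jobresource.asciidoc at @@ -420,7, so please confirm that the title of the destination page is renamed in the same release, otherwise the link text and the heading it lands on will disagree.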