[[ml-concepts]]
== Overview

There are a few concepts that are core to {ml} in {xpack}. Understanding these
concepts from the outset makes the learning process much easier.

[float]
[[ml-jobs]]
=== Jobs

Machine learning jobs contain the configuration information and metadata
necessary to perform an analytics task. For a list of the properties associated
with a job, see <>.

[float]
[[ml-dfeeds]]
=== {dfeeds-cap}

Jobs can analyze data either as a one-off batch or continuously in real time.
{dfeeds-cap} retrieve data from {es} for analysis. Alternatively, you can <>
from any source directly to an API.

[float]
[[ml-detectors]]
=== Detectors

As part of the configuration information that is associated with a job,
detectors define the type of analysis that needs to be done. They also specify
which fields to analyze. You can have more than one detector in a job, which
is more efficient than running multiple jobs against the same data. For a list
of the properties associated with detectors, see <>.

[float]
[[ml-buckets]]
=== Buckets

The {xpackml} features use the concept of a bucket to divide the time series
into batches for processing. The _bucket span_ is part of the configuration
information for a job. It defines the time interval that is used to summarize
and model the data. It is typically between 5 minutes and 1 hour, depending on
your data characteristics. When you set the bucket span, take into account the
granularity at which you want to analyze, the frequency of the input data, the
typical duration of the anomalies, and the frequency at which alerting is
required.

[float]
[[ml-nodes]]
=== Machine learning nodes

A {ml} node is a node that has `xpack.ml.enabled` and `node.ml` set to `true`,
which is the default behavior. If you set `node.ml` to `false`, the node can
service API requests but it cannot run jobs. If you want to use {xpackml}
features, there must be at least one {ml} node in your cluster. For more
information about this setting, see <>.
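
To illustrate the bucket span trade-offs described under Buckets, the following added example (not part of the {xpack} code or documentation) summarizes one constructed event stream at 5-minute and 1-hour bucket spans. It uses a plain per-bucket count and a peak-to-median ratio as a stand-in for modeling, and assumes a bucket is only evaluated once it is complete; all function names and the sample data are hypothetical.

```python
from statistics import median

WINDOW_S = 6 * 3600        # constructed sample: six hours of data
BURST_START_S = 3 * 3600   # constructed sample: burst begins at hour 3

def build_sample_events():
    """Constructed data: 1 event/minute baseline plus a 10-minute burst
    of 20 extra events per minute starting at BURST_START_S."""
    events = [m * 60 for m in range(WINDOW_S // 60)]
    for m in range(10):
        events.extend(BURST_START_S + m * 60 + k for k in range(20))
    return events

def bucket_counts(timestamps, bucket_span_s, start, end):
    """Count events in consecutive buckets [start + i*span, start + (i+1)*span)."""
    n_buckets = -(-(end - start) // bucket_span_s)  # ceiling division
    counts = [0] * n_buckets
    for ts in timestamps:
        if start <= ts < end:
            counts[(ts - start) // bucket_span_s] += 1
    return counts

def peak_to_typical(counts):
    """Busiest bucket divided by the median bucket: how far the burst stands out."""
    typical = median(counts)
    return max(counts) / typical if typical else float("inf")

def seconds_until_bucket_closes(ts, bucket_span_s, start=0):
    """Wait from an event until its bucket is complete and can be evaluated."""
    return bucket_span_s - (ts - start) % bucket_span_s

def compare_spans(spans=(300, 3600)):
    """Return {span: (bucket count, peak count, contrast, wait after burst onset)}."""
    events = build_sample_events()
    result = {}
    for span in spans:
        counts = bucket_counts(events, span, 0, WINDOW_S)
        result[span] = (len(counts), max(counts), peak_to_typical(counts),
                        seconds_until_bucket_closes(BURST_START_S, span))
    return result

if __name__ == "__main__":
    for span, (n, peak, ratio, wait) in compare_spans().items():
        print(f"span={span}s buckets={n} peak={peak} "
              f"peak/median={ratio:.1f} wait={wait}s")
```

With this data the 10-minute burst is about five times more prominent at the 5-minute span than at the 1-hour span, and its bucket completes in 5 minutes instead of an hour, at the cost of twelve times as many buckets to process.
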

include::functions.asciidoc[]
include::functions/count.asciidoc[]
include::functions/geo.asciidoc[]
include::functions/info.asciidoc[]
include::functions/metric.asciidoc[]
include::functions/rare.asciidoc[]
include::functions/sum.asciidoc[]
include::functions/time.asciidoc[]