[[ml-getting-started]]
== Getting Started

////
{xpackml} features automatically detect:
* Anomalies in single or multiple time series
* Outliers in a population (also known as _entity profiling_)
* Rare events (also known as _log categorization_)

This tutorial focuses on an anomaly detection scenario in single time series.
////
Ready to get some hands-on experience with the {xpackml} features? This
tutorial shows you how to:

* Load a sample data set into {es}
* Create single and multi-metric {ml} jobs in {kib}
* Use the results to identify possible anomalies in the data

At the end of this tutorial, you should have a good idea of what {ml} is and
will hopefully be inspired to use it to detect anomalies in your own data.

You might also be interested in these video tutorials, which use the same sample
data:

* https://www.elastic.co/videos/machine-learning-tutorial-creating-a-single-metric-job[Machine Learning for the Elastic Stack: Creating a single metric job]
* https://www.elastic.co/videos/machine-learning-tutorial-creating-a-multi-metric-job[Machine Learning for the Elastic Stack: Creating a multi-metric job]


[float]
[[ml-gs-sysoverview]]
=== System Overview

To follow the steps in this tutorial, you will need the following
components of the Elastic Stack:

* {es} {version}, which stores the data and the analysis results
* {xpack} {version}, which includes the {ml} features for both {es} and {kib}
* {kib} {version}, which provides a helpful user interface for creating and
viewing jobs +

//All {ml} features are available to use as an API, however this tutorial
//will focus on using the {ml} tab in the {kib} UI.

See the https://www.elastic.co/support/matrix[Elastic Support Matrix] for
information about supported operating systems.

See {stack-ref}/installing-elastic-stack.html[Installing the Elastic Stack] for
information about installing each of the components.

NOTE: To get started, you can install {es} and {kib} on a
single VM or even on your laptop (requires 64-bit OS).
As you add more data and your traffic grows,
you'll want to replace the single {es} instance with a cluster.

When you install {xpack} into {es} and {kib}, the {ml} features are
enabled by default. If you have multiple nodes in your cluster, you can
optionally dedicate nodes to specific purposes. If you want to control which
nodes are _machine learning nodes_ or limit which nodes run resource-intensive
activity related to jobs, see <<xpack-settings>>.


[float]
[[ml-gs-users]]
==== Users, Roles, and Privileges

The {xpackml} features implement cluster privileges and built-in roles to
make it easier to control which users have authority to view and manage the jobs,
{dfeeds}, and results.

By default, you can perform all of the steps in this tutorial by using the
built-in `elastic` super user. However, the password must be set before the user
can do anything. For information about how to set that password, see
<<security-getting-started>>.

If you are performing these steps in a production environment, take extra care
because `elastic` has the `superuser` role and you could inadvertently make
significant changes to the system. You can alternatively assign the
`machine_learning_admin` and `kibana_user` roles to a user ID of your choice.

For more information, see <<built-in-roles>> and <<privileges-list-cluster>>.
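
The following script is an added example, not part of the original tutorial or the project's own code. It creates a user that holds only the `machine_learning_admin` and `kibana_user` roles through the X-Pack security user API and refuses to build a request that grants `superuser`. The `ES_URL` default, the function names, and the `_xpack/security/user/<name>` endpoint path are assumptions about your installation.

```shell
#!/usr/bin/env bash
# Added example, not from the tutorial: create a user that holds only the
# machine_learning_admin and kibana_user roles, so the tutorial steps do not
# have to run as the built-in `elastic` superuser.
# Assumptions: ES_URL, the function names, and the X-Pack security endpoint
# _xpack/security/user/<name> on the Elasticsearch version in use.

ES_URL="${ES_URL:-http://localhost:9200}"

# Print the JSON body for a create-user request.
# Usage: build_user_body <password> <role>...
# Fails if a role is `superuser` or the password would break the JSON string.
build_user_body() {
  local password="$1"; shift
  local roles="" role
  case "$password" in
    *'"'*|*'\'*)
      echo "password must not contain double quotes or backslashes" >&2
      return 1 ;;
  esac
  for role in "$@"; do
    if [ "$role" = "superuser" ]; then
      echo "refusing to grant the superuser role" >&2
      return 1
    fi
    roles="${roles:+$roles,}\"$role\""
  done
  printf '{"password":"%s","roles":[%s]}' "$password" "$roles"
}

# Create <name> with the two roles the tutorial needs.
# The new password is read without echo and the body is sent over stdin, so it
# never appears in the process list; curl prompts for the `elastic` password.
create_ml_user() {
  local name="$1" password body
  read -r -s -p "Password for new user $name: " password; echo
  body="$(build_user_body "$password" machine_learning_admin kibana_user)" || return 1
  printf '%s' "$body" | curl --fail --silent --show-error -u elastic \
    -H 'Content-Type: application/json' \
    -X POST "$ES_URL/_xpack/security/user/$name" --data-binary @-
}
```

Source the script and run `create_ml_user <name>` with a user ID of your choice, then log in to {kib} as that user for the rest of the tutorial.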

include::getting-started-data.asciidoc[]
include::getting-started-single.asciidoc[]
include::getting-started-multi.asciidoc[]
include::getting-started-next.asciidoc[]