Hi Team,
I am new in ELK and I am trying to work on Machine Learning feature of Kibana .I have some field related to sip call like start_time , cause_code , calling_party, called_party.
My requirement is to create a job that alert me when a particular cause_code (e.g 404) came within some time spam (e.g. 10m).
Kibana version 7.4.1
elasticsearch version 7.4.1
logstash version 7.4.1
thanks
.2019-11-13T07:30:00Z
Create a Multi-metric job.
Use "Count (Event rate)" as the feature to have ML track.
Choose to "split" the analysis on your cause_code field.
Choose the "bucket span" to be 10m
Then you will have a job that looks for spikes/dips in documents over 10 minute increments, for every type of cause_code.
Voila!
Hi @richcollier
So what we will get right now, when I'm creating multi-metric job and Count(Event rate) as the feature I am not getting my field (cause_code) as an option in "Split field". so can you tell what is the reason for that.. thanksCould you provide the mapping type for cause_code?
It is possible that the type is not keyword in which case it is not available as a split field in the multi-metric wizard.
Instead, please use the advanced wizard. Add a detector and select function count and partition field cause_code and set the bucket span to be 10m.
Hope this helps.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.