Elastic .ml job not rendering all the sources defined in datafeed

I have created this .ml job, which is intended to tap into each of our source integrations and monitor for any abnormal dips in document ingestion into the respective index alias (one alias per integration). However, the job output is not rendering all the sources, and I am not sure why. The reason I used aliases is to avoid the situation where someone changes the data view and we are doomed. I would appreciate your input on this.

Here are the details -

PUT _ml/anomaly_detectors/panda_mom_zero_doc_monitoring_high_dense_function?pretty
{
    "job_id": "panda_mom_zero_doc_monitoring_high_dense_function",
        "groups": [
          "f_low_count",
          "gcs-sre",
          "mom"
        ],
    "description": "This job is meant to measure ingestion dip across functions which are high on data ingestion.",
    "analysis_config": {
      "bucket_span": "15m",
      "detectors": [
        {
          "detector_description": "low_distinct_count of events per source",
          "function": "low_distinct_count",
          "field_name": "sap.mom.event.id.keyword",
          "by_field_name": "sap.mom.event.source.keyword",
          "detector_index": 0
        }
      ],
      "influencers": [
        "sap.mom.event.source.keyword"
      ],
      "model_prune_window": "30d"
    },
    "analysis_limits": {
      "model_memory_limit": "100mb",
      "categorization_examples_limit": 4
    },
    "data_description": {
      "time_field": "event_timestamp",
      "time_format": "epoch_ms"
    },
    "model_plot_config": {
      "enabled": true,
      "annotations_enabled": false
    },
    "background_persist_interval": "8h",
    "model_snapshot_retention_days": 7,
    "daily_model_snapshot_retention_after_days": 1,
    "results_retention_days": 90,
    "results_index_name": "custom-c0000_log_sre_panda_mom_job_monitoring",
    "allow_lazy_open": false
}
PUT _ml/datafeeds/datafeed-panda_mom_zero_doc_monitoring_high_dense_function
{
    "job_id": "panda_mom_zero_doc_monitoring_high_dense_function",
    "query_delay": "15m",
    "query": {
      "bool": {
        "must": [
          {
            "match_all": {}
          }
        ]
      }
    },
    "frequency": "5m",
    "indices": [
      "c0000_log_sre_dynatrace_alarms",
      "c0000_log_sre_uex_alarms",
      "c0000_log_sre_gmp_alarms",
      "c0000_log_sre_monterey_alarms",
      "c0000_log_sre_hardware_alarms",
      "c0000_log_sre_pingdom_alarms",
      "c0000_log_sre_prometheus_alarms",
      "c0000_log_sre_caspectrum_alarms",
      "c0000_log_sre_dynatrace_alarms",
      "c0000_log_sre_frun_alarms",
      "c0000_log_sre_new_relic_alarms",
      "c0000_log_sre_syslog_alarms",
      "c0000_log_sre_uptime_alarms",
      "c0000_log_sre_nagios_alarms",
      "c0000_log_sre_uex_alarms",
      "c0000_log_sre_vrops_alarms",
      "c0000_log_sre_zabbix_alarms",
      "c0000_log_sre_backup_alarms",
      "c0000_log_sre_apim_availability_service_alarms"
    ],
    "scroll_size": 1000,
    "delayed_data_check_config": {
      "enabled": false,
      "check_window": "1h"
    }
}
