I would like to run anomaly detection on a subset of an index. It looks like I am supposed to set up a filter list containing the values I wish to select, and then create a custom rule to associate a field with a filter list and an action. I am supposed to edit the JSON directly in the ML job to do this. I have multiple fields and filter lists to apply to my index.
I am using V7.12.1. I am looking for examples of what the JSON should look like, info on what works for this version, as the only examples I see are for future versions, and some advice as to how I can learn to write JSON well enough to apply complex SQL "where" conditions to indexes.
It seems like it would be a common task to need to apply a "where" condition to an index for anomaly detection. Are there any plans to make a GUI interface for this?