How Create a machine learning job depends a particular value in a field?

Elastic Stack Elasticsearch
1

Hi All ,

In my log there is a filed named "Log_Type" . This field had multiple values. It may be consist INFORMATION , ERROR or DEBUG etc. I want create a ML job with respect to the distinct count of ERROR in filed "Log_Type" . Is it possible ? . I think it is possible by advanced job and detector . How to configure this advanced job for this purpose.

Sample data

"Log_Type": "ERROR"
"Log_Type": "INFO"
"Log_Type": "DEBUG"

Purpose is , I want to draw the distinct count pattern of ERROR in Log_Type field.

1 Like
2

Just do count, partitioned on the field Log_Type:

count_Log_Type
count_Log_Type.png1794×814 42.2 KB

1 Like
3

Thank you @richcollier

This solution is working well .

Can you give me an overview of all the options in this advanced Detector.

Meaning of function , field_name , over_field_name etc ..

4

Here you go: https://www.elastic.co/guide/en/elasticsearch/reference/6.2/ml-job-resource.html#ml-detectorconfig

1 Like