How to easily see log events that caused the anomaly?

FlorinAndrei · May 8, 2019, 6:38pm

ES 6.6

I'm indexing logs from a cluster. One field is numeric and shows the duration of DB transactions.

I made an anomaly detector tracking the numeric field. I see it flagging anomalies. In the Anomaly Explorer, I expand one anomaly and I look at the info therein. I can view the series just fine.

But I could not find a way to easily jump from there to the Discover window with the events that surround the anomaly filtered and displayed.

In other words, I want to see the logs that caused the anomaly. I want to see the actual DB transactions that were executed during that time. I could manually search for them, based on the info in the Anomaly Explorer, but I was hoping there's a direct link to it from the ML window.

richcollier · May 8, 2019, 7:35pm

Create a Custom URL

system · June 5, 2019, 7:35pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Machine learning - host stopped sending logs or events Elasticsearch elastic-stack-machine-learning	15	2369	September 27, 2017
How to query for anomalous state changes based on duration Elasticsearch	3	373	October 19, 2020
Elasticsearch Kibana Kibana elastic-stack-monitoring	13	323	April 24, 2024
Anomaly detection / ML Setup Logs elastic-stack-machine-learning	3	1244	June 8, 2021
Conflicting data between Index Dashboard and ML anomaly detection job Kibana elastic-stack-machine-learning	7	487	February 16, 2021

How to easily see log events that caused the anomaly?

Related topics