Hello,
If I want to build a rule to alert me once a data source has a spike in the data, would the choice be to use an ML job? Or is there already something pre-built for this?
Hi, @erikg,
Good to hear from you again. Would something like what's described here work for you?
Thanks!
Jessica
Hey @jessgarson, yes, but I need it as an alert!
I think it's only just an exploratory analysis tool.
Thanks, @erikg, I think I was thinking of combining it with the log rate analysis chart discussed here:
@erikg What version are you using?
Yes, an ML job is the right approach.
There are OOTB Jobs or you can create one manually.
The reformatting of the docs makes this a little hard to find right now.
Go To Observability -> Logs -> Anomalies
Click Create or Manage Machine Learning
I would start with that...
I would be careful with the start time... it will go back and look at a lot of historical data which can take a long time.
I would not create alerts day one ...
Let it run for a while and look at the results... because it will need to learn...
Then you can create an alert... rule... go to the Job and Right Click...
Then you Select the Type / Threshold ML Score etc...
In addition this job partitions by event.dataset... but maybe you want something different...
See This for OOTB Jobs
Then you should experiment by creating an ML job manually with the Wizard it is pretty easy... ish
I suggest you formulate your job as a use case and then you can usually translate that into an ML Job
this is it! thanks @stephenb
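
The manual route suggested above, sketched as an added example for the Kibana Dev Tools console (not posted by anyone in the thread, and not the definition of the OOTB job): a job that flags unusually high event counts per `event.dataset`, with a bounded datafeed start time so it does not crawl all historical data. The job id, bucket span, index pattern and start timestamp are assumptions.

```console
# Added example, constructed for illustration.
# Assumed names: job id "datasource-rate-spike", index pattern "logs-*".
PUT _ml/anomaly_detectors/datasource-rate-spike
{
  "description": "Unusually high event count per data source",
  "analysis_config": {
    "bucket_span": "15m",
    "detectors": [
      {
        "detector_description": "high event count by event.dataset",
        "function": "high_count",
        "partition_field_name": "event.dataset"
      }
    ],
    "influencers": ["event.dataset"]
  },
  "data_description": {
    "time_field": "@timestamp"
  }
}

# Datafeed that feeds the job from the assumed index pattern.
PUT _ml/datafeeds/datafeed-datasource-rate-spike
{
  "job_id": "datasource-rate-spike",
  "indices": ["logs-*"]
}

POST _ml/anomaly_detectors/datasource-rate-spike/_open

# Constructed start time: keep the look-back window short, since a far-back
# start makes the job process a lot of historical data.
POST _ml/datafeeds/datafeed-datasource-rate-spike/_start
{
  "start": "2024-01-01T00:00:00Z"
}
```

Changing `partition_field_name` to another field models each value of that field separately instead of each dataset; the alert rule on the anomaly score is then added once the job has had time to learn.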