Hi,
I have a metricbeat index in Elastic and have created a new machine learning job looking at cpu usage. The index is gathering data from 25 installed beats all rolled up into a single index (metricbeat-*)
How do I create / edit the machine learning job to query say just one device out of the 25?
{
"trigger": {
"schedule": {
"interval": "100s"
}
},
"input": {
"search": {
"request": {
"search_type": "query_then_fetch",
"indices": [
".ml-anomalies-*"
],
"types": ,
"body": {
"size": 0,
"query": {
"bool": {
"filter": [
{
"term": {
"job_id": "system_cpu"
}
},
{
"match_phrase": {
"host.name": "InsertHostnameHere?"
}
},
{
"range": {
"timestamp": {
"gte": "now-10m"
}
}
},