Multi-metric Job

I have been trying to perform some tasks for anomaly detection and was using the multi-metric viewer to analyze them, but I couldn't understand why the split data field was showing so many metrics.
In all the tutorials I saw, there were only a few options in the data field, like service.keyword.

And after creating the job, where I can clearly see spikes in the above visualization, the anomaly timeline shows no warnings.
Can somebody explain what is going on?

The number of items shown in the dropdown depends on how your index mapping is created. It will show all of your text and keyword-based fields.

You are not seeing anomalies because you're not feeding enough data to ML. Feed days' worth of data in, not just a few minutes!

Does this mean I can't use a multi-metric job (split data) with a CSV file having all numerical data in it?
Thanks for your help once again!

Splitting the data is analogous to a GROUP BY clause in SQL - you should pick a categorical field and ML will iterate the metric analysis for every instance of that field. So, people will choose whatever metrics they'd like to have ML analyze from the top part of the UI, then will optionally split that analysis along another field.

You don't HAVE to split the analysis if you don't want to, but often it makes sense to do so for every host or similar categorical field.

Watch this demo video:
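The GROUP BY analogy and the earlier point about data volume, shown as an added example that is not part of the original thread: a simple per-group z-score stands in for the ML model (it is not Elastic's algorithm), and the field names, host names, values and the `MIN_BUCKETS` cutoff are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

MIN_BUCKETS = 20  # assumed minimum history before a baseline is trusted


def sample_records():
    """Constructed data: 30 time buckets for two hosts, one spike on web-1."""
    rows = []
    for t in range(30):
        web = 60 if t == 15 else (9 if t % 2 == 0 else 11)
        rows.append({"t": t, "host": "web-1", "value": web})
        rows.append({"t": t, "host": "db-1", "value": 95 if t % 2 == 0 else 105})
    return rows


def detect(records, split_field=None, threshold=3.0):
    """Return (group, t, value) for values more than `threshold` sigma from baseline.

    split_field=None pools every record into one baseline; otherwise one
    baseline is built per distinct value of split_field, like GROUP BY.
    """
    groups = defaultdict(list)
    for r in records:
        groups[r[split_field] if split_field else "_all"].append(r)

    anomalies = []
    for key, rows in groups.items():
        if len(rows) < MIN_BUCKETS:
            continue  # too little history to learn what "normal" looks like
        values = [r["value"] for r in rows]
        mu, sigma = mean(values), pstdev(values)
        if sigma == 0:
            continue  # constant series: nothing to score against
        for r in rows:
            if abs(r["value"] - mu) / sigma > threshold:
                anomalies.append((key, r["t"], r["value"]))
    return anomalies


if __name__ == "__main__":
    data = sample_records()
    print("pooled:", detect(data))                       # spike hidden by db-1's range
    print("split :", detect(data, split_field="host"))   # spike stands out on web-1
    short = [r for r in data if 13 <= r["t"] <= 17]
    print("short :", detect(short, split_field="host"))  # too few buckets per host
```

Pooled, the web-1 spike to 60 sits inside the range db-1 reports normally, so nothing is flagged; split by host it is far outside web-1's own baseline, and with only five buckets per host there is no baseline to compare against at all.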

Following your previous advice, I have been trying to upload all the CSV data I have, which is approx. 16 MB in size.
But when I am using Logstash to upload the data, I am not able to upload the full file. Can you please revert on what might be the reason?
Although I can see the index is there, I don't think the full data in the CSV has been indexed.
Note: I am using VirtualBox and can't dual boot.

The indices at number 12 and 11 are from when I was trying to upload the full CSV data file, but I can't work out why it fails to upload after 63 MB of data has been ingested into Elastic.
Please help with the possible solutions.

If you are having trouble with Logstash, you can open a new thread in the Logstash section.

