Hello,
When we configure rules for 'builtin' jobs, such as 'rare process executions on Linux', where we would skip the result if the process in in a filter list 'whitelist_process_name', will these rules be overwritten when we would update Elasticsearch / Kibana? (Like edits to builtin templates / pipelines would be overwritten)?
The issue now is that we have a lot of anomalies and were hoping to lower noise by using a whitelist for process names.
Grtz
Willem
No, they will not be overwritten, as the rule definitions are stored with the ML job configs themselves. Only if you deleted and/or recreated the jobs would the rules be erased.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
