Hello,
I'm a newbie who is learning machine learning of x-pack.
I have a trouble with machine learning as I wrote![1|690x385]
My goal is creating a single metric job. (Machine learning-> create a new job -> create a single metric job)
My situation
I added ".monitoring-es-*" with Time filter name "timestamp" on elasticsearch.
(Management tab-> Index pattern)
I made a single metric job and I got a graph for my ".monitoring-es-*", I chose "mean" for aggregation and "node_stats.os.cpu.load_average.15m" for Field and "15m" for Bucket span.
However, My job didn't analyze the data which is different from the video of elastic's
(the url for the video: https://www.youtube.com/watch?v=DBRISS0UKcA)
Fore more detail, it does not analyze but nothing happend just made a job file and when I clicked "Machine learning " again and click "open count in Anomaly Explorer" It just show me "No results Found."
I googled hundreds of time but I can't find any clue about this issue.
Plz help me.
It's hard to tell exactly the sequence of things given your screenshots, but clearly you properly created a job (from what I can tell), however, the screenshot of the jobs page shows that the job has processed "0" records (i.e. it didn't analyze any of your data).
So, when building the job in the Single Metric Wizard, make sure you select a good window of time for historical data. So either:
set the kibana time picker to something sensible (like last 7 days) and then click the button with the triangle on it:
Or, click the button that says "Use full .monitoring-es-* data on it:
Once you've done this, give your job a unique name (my screen looks like this):
First of all, I really appreciate for your precious answer.!
I didn't consider about the kibana time picker you mentioned.
It seems work due to the graph is changing, when I change time peaker.
However I switch the time peaker (last 24 hours or last 4hours and so on) , the analyzing process is still not working...
and at the same time when i check the "job management", the processed records is still zero.
I would be really happy if you can give me a hand more about it.
If you need any imformation plz tell me.
Have a nice day.
Thanks, this is helpful information - because now it seems as if the problem you are having is likely not due to any configuration problem. So, what we need now is more detailed information as to what is happening behind the scenes. This information will be in the elasticsearch.log file. Please do the following:
Configure a job as you've done above but before clicking the "Create Job" button, keep track of where the end of the elasticsearch.log is.
Click the "Create Job" button in the UI and note the new messages that appear in the elasticsearch.log file.
Please copy/paste these messages from the log here so that we can diagnose.
Additionally, I would like to know the specs of the system you are running ML on (size of RAM, # of CPUs, etc.). Is it a single node setup for testing or is this a multi-node production system?
spec of the system.
I am running ML on CentOS7 installed on Server.
the server spec is
system bit: 64bit
OS: CentOS7
cpu: xeon(R) CPU E5-2609 v2 @2.5GHz
number of cpu: 8
memory: 65869812kB
elasticsearch.log
-ps1. "νμ΄νκ° κΉ¨μ΄μ§" means "broken pipe error" (I think setting language into Korean makes me get this message.)
-ps2. I paste the whole passage incase I could miss something.
The Machine Learning feature is implemented using native processes that run outside of the JVM that runs Elasticsearch. In your case the native process called autodetect cannot be started. Usually this process would be started by another native process called controller, which is usually started when Elasticsearch is started. I can reproduce your sequence of error messages if I kill this controller process and then try to open a job.
Please can you check what happens if you try and run the relevant native processes at the command prompt:
Do either of these commands complain about missing OS libraries or other OS-related problems?
If not, the most likely scenario is that your controller process has been killed. Do you see it in the process list if you run ps -e | grep controller?
How long has this node been running for? It would be helpful if you could check all the logs since the node started for messages containing either controller or CppLogMessageHandler. Something like:
Also, I will raise an issue for friendlier error reporting in the case where the controller process is not running for some reason. The way it's reported at the moment is impossible to understand.
ps) I made a new machine job again to check it would work, but same thing happened (No analysis)
ps2) I tried to restart controller. but It didn't work. I used "kill -9 " command but it didn't work at all.
ps3) I tried to start controller and autodetect. However, controller didn't response at all and autodetect had a license problem. this is what i got on the terminal.
I finally i solved it.
The main cause was that the elasticsearch was not actually runnung. ( I have to restart elasticserach)
(when I restarted elasticserach, It did staop but not started)
So I found out that I had written
xpack.ml.enabled: true
ml.enabled: true
in elasticsearch.yml and I forgot about that.
so, I delete "ml.enabled: true" and elasticsearch was now running.
as you told me about, the controller is running when elasticsearch starts.
Without your help (especially about controller and autodetect things) I can't solve it.
Again, I really appreciate for your help.!
Have a nice day.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
