Appendix G: Nginx anomaly detection configurations
These anomaly detection job wizards appear in Kibana if you use the Nginx integration in Fleet or you use Filebeat to ship access logs from your Nginx HTTP servers to Elasticsearch. The jobs assume that you use fields and data types from the Elastic Common Schema (ECS).
Nginx access logs
Find unusual activity in HTTP access logs.
These jobs are available in Kibana only if data exists that matches the query specified in the manifest file.
Name | Description | Job | Datafeed |
---|---|---|---|
low_request_rate_nginx | Detect low request rates | | |
source_ip_request_rate_nginx | Detect unusual source IPs - high request rates | | |
source_ip_url_count_nginx | Detect unusual source IPs - high distinct count of URLs | | |
status_code_rate_nginx | Detect unusual status code rates | | |
visitor_rate_nginx | Detect unusual visitor rates | | |
Nginx access logs (Filebeat)
These legacy anomaly detection jobs find unusual activity in HTTP access logs. For the latest versions, install the Nginx integration in Fleet; see Nginx access logs.
These jobs exist in Kibana only if data exists that matches the recognizer query specified in the manifest file.
Name | Description | Job | Datafeed |
---|---|---|---|
low_request_rate_ecs | Detect low request rates (ECS) | | |
source_ip_request_rate_ecs | Detect unusual source IPs - high request rates (ECS) | | |
source_ip_url_count_ecs | Detect unusual source IPs - high distinct count of URLs (ECS) | | |
status_code_rate_ecs | Detect unusual status code rates (ECS) | | |
visitor_rate_ecs | Detect unusual visitor rates (ECS) | | |