Elasticsearch X-Pack Machine Learning

Mathematical description of data over time

Feature selectionLoading Existing DataPeriod DetectionEmpirical Sorting

Creating detection rules off of your data points

Choosing what frequency of time is meaningful to the data.

Defining which automatically detected anomalies are important.

Parameter range that divides data into batches for processing (usually time)

Function that is applied to the bucket span, count, sum, metric etc.

Running of the analysis function(s) over the determined bucket spans

Multiple analysis functions with a shared bucket span.

Pushes data into a job.May be a query.Can be range based or live.Can be run on pre-aggregated data.

Attribute that has an influence on the data, something that has contributed to the anomaly

Combination of individual item scoring and bucket scoring

How anomalous an event is to a baseline.Based on past behavior

Comparing an anomaly to other readings in the bucket. Aggregate score across all detectors for the jobOnly one score per bucket.

Fields with a low enough cardinality to run a machine learning job over each distinct value.

Advanced job parameter that duplicates the job over values of the field and performs analysis in parallel.

Comparison of a behavior to it's own historical behavior

Comparison of a behavior to the behavior of other members of a population.

Advanced job parameter used to perform population anomaly detection.

Advanced job parameter used to perform individual anomaly detection. Jobs are performed in serial, then categorized BY field.

Uses total anomaly ratio for all by field values

Uses individual anomaly ratio for all partition field values