diff --git a/docs/reference/ml/anomaly-detection/ml-configuring-alerts.asciidoc b/docs/reference/ml/anomaly-detection/ml-configuring-alerts.asciidoc index 7afaf88081b20..265b94d1d69da 100644 --- a/docs/reference/ml/anomaly-detection/ml-configuring-alerts.asciidoc +++ b/docs/reference/ml/anomaly-detection/ml-configuring-alerts.asciidoc 
@@ -30,38 +30,38 @@ ideal for this purpose. [[creating-ml-rules]] == Creating a rule -You can create {ml} rules in the {anomaly-job} wizard after you start the job, -from the job list, or under **{stack-manage-app} > {alerts-ui}**. - -On the *Create rule* window, give a name to the rule and optionally provide -tags. Specify the time interval for the rule to check detected anomalies or job -health changes. It is recommended to select an interval that is close to the -bucket span of the job. You can also select a notification option with the -_Notify_ selector. An alert remains active as long as the configured conditions -are met during the check interval. When there is no matching condition in the -next interval, the `Recovered` action group is invoked and the status of the -alert changes to `OK`. For more details, refer to the documentation of -{kibana-ref}/create-and-manage-rules.html#defining-rules-general-details[general rule details]. - -Select the rule type you want to create under the {ml} section and continue to -configure it depending on whether it is an -<> or an -<> rule. +In *{stack-manage-app} > {rules-ui}*, you can create both types of {ml} rules: [role="screenshot"] -image::images/ml-rule.jpg["Creating a new machine learning rule"] +image::images/ml-rule.png["Creating a new machine learning rule",500] +// NOTE: This is an autogenerated screenshot. Do not edit it directly. +When you create a {ml} rule, you must provide a time interval for the rule to +check detected anomalies or job health changes. It is recommended to select an +interval that is close to the bucket span of the job. + +You must also select a notification option, which affects how often alerts +generate actions. Options include running actions at each check interval, only +when the alert status changes, or at a custom action interval. For more +information about these options, refer to the +{kibana-ref}/create-and-manage-rules.html#defining-rules-general-details[General rule details]. 
+ +In the *{ml-app}* app, you can create only {anomaly-detect} alert rules; create +them from the {anomaly-job} wizard after you start the job or from the +{anomaly-job} list. [[creating-anomaly-alert-rules]] === {anomaly-detect-cap} alert -Select the job that the rule applies to. +When you create an {anomaly-detect} alert rule, you must select the job that +the rule applies to. -You must select a type of {ml} result. In particular, you can create rules based -on bucket, record, or influencer results. +You must also select a type of {ml} result. In particular, you can create rules +based on bucket, record, or influencer results. [role="screenshot"] -image::images/ml-anomaly-alert-severity.jpg["Selecting result type, severity, and test interval", 500] +image::images/ml-anomaly-alert-severity.png["Selecting result type, severity, and test interval", 500] +// NOTE: This is an autogenerated screenshot. Do not edit it directly. For each rule, you can configure the `anomaly_score` that triggers the action. The `anomaly_score` indicates the significance of a given anomaly compared to @@ -98,8 +98,9 @@ are met. [[creating-anomaly-jobs-health-rules]] === {anomaly-jobs-cap} health -Select the job or group that the rule applies to. If you assign more jobs to the -group, they are included the next time the rule conditions are checked. +When you create an {anomaly-jobs} health rule, you must select the job or group +that the rule applies to. If you assign more jobs to the group, they are +included the next time the rule conditions are checked. You can also use a special character (`*`) to apply the rule to all your jobs. Jobs created after the rule are automatically included. You can exclude jobs 
@@ -131,7 +132,8 @@ _Errors in job messages_:: that occur after the rule is created; it does not look at historic behavior. [role="screenshot"] -image::images/ml-health-check-config.jpg["Selecting health checkers"] +image::images/ml-health-check-config.png["Selecting health checkers",500] +// NOTE: This is an autogenerated screenshot. Do not edit it directly. As the last step in the rule creation process, <> that occur when the conditions 
@@ -141,43 +143,35 @@ are met. [[defining-actions]] == Defining actions -Connect your rule to actions that use supported built-in integrations by -selecting a connector type. Connectors are {kib} services or third-party -integrations that perform an action when the rule conditions are met or the -alert is recovered. You can select in which case the action will run. - -[role="screenshot"] -image::images/ml-anomaly-alert-actions.jpg["Selecting connector type"] - -For example, you can choose _Slack_ as a connector type and configure it to send -a message to a channel you selected. You can also create an index connector that -writes the JSON object you configure to a specific index. It's also possible to -customize the notification messages. A list of variables is available to include -in the message, like job ID, anomaly score, time, top influencers, {dfeed} ID, -memory status and so on based on the selected rule type. Refer to -<> to see the full list of available variables by rule type. +Your rule can use connectors, which are {kib} services or supported third-party +integrations that run actions when the rule conditions are met or when the +alert is recovered. For details about creating connectors, refer to +{kibana-ref}/action-types.html[Connectors]. +For example, you can use a Slack connector to send a message to a channel. Or +you can use an index connector that writes an JSON object to a specific index. +It's also possible to customize the notification messages. There is a set of +variables that you can include in the message depending on the rule type; refer +to <>. [role="screenshot"] -image::images/ml-anomaly-alert-messages.jpg["Customizing your message"] - -After you save the configurations, the rule appears in the *{alerts-ui}* list -where you can check its status and see the overview of its configuration -information. +image::images/ml-anomaly-alert-messages.png["Customizing your message",500] +// NOTE: This is an autogenerated screenshot. 
Do not edit it directly. -The name of an alert is always the same as the job ID of the associated -{anomaly-job} that triggered it. You can mute the notifications for a particular -{anomaly-job} on the page of the rule that lists the individual alerts. You can -open it via *{alerts-ui}* by selecting the rule name. +After you save the configurations, the rule appears in the +*{stack-manage-app} > {rules-ui}* list; you can check its status and see the +overview of its configuration information. +When an alert occurs, it is always the same name as the job ID of the associated +{anomaly-job} that triggered it. If necessary, you can snooze rules to prevent +them from generating actions. For more details, refer to +{kibana-ref}/create-and-manage-rules.html#controlling-rules[Snooze and disable rules]. [[action-variables]] == Action variables -You can add different variables to your action. The following variables are -specific to the {ml} rule types. An `*` marks the variables that can be used for -actions of recovered alerts. - +The following variables are specific to the {ml} rule types. An asterisk (`*`) +marks the variables that you can use in actions related to recovered alerts. [[anomaly-alert-action-variables]] === {anomaly-detect-cap} alert action variables diff --git a/docs/reference/ml/images/ml-anomaly-alert-actions.jpg b/docs/reference/ml/images/ml-anomaly-alert-actions.jpg deleted file mode 100644 index a0b75152ca71f..0000000000000 Binary files a/docs/reference/ml/images/ml-anomaly-alert-actions.jpg and /dev/null differ diff --git a/docs/reference/ml/images/ml-anomaly-alert-messages.jpg b/docs/reference/ml/images/ml-anomaly-alert-messages.jpg deleted file mode 100644 index de5da557dd116..0000000000000 Binary files a/docs/reference/ml/images/ml-anomaly-alert-messages.jpg and /dev/null differ 
diff --git a/docs/reference/ml/images/ml-anomaly-alert-messages.png b/docs/reference/ml/images/ml-anomaly-alert-messages.png new file mode 100644 index 0000000000000..09216d566ab7e Binary files /dev/null and b/docs/reference/ml/images/ml-anomaly-alert-messages.png differ diff --git a/docs/reference/ml/images/ml-anomaly-alert-severity.jpg b/docs/reference/ml/images/ml-anomaly-alert-severity.jpg deleted file mode 100644 index dc6582ebbd84f..0000000000000 Binary files a/docs/reference/ml/images/ml-anomaly-alert-severity.jpg and /dev/null differ diff --git a/docs/reference/ml/images/ml-anomaly-alert-severity.png b/docs/reference/ml/images/ml-anomaly-alert-severity.png new file mode 100644 index 0000000000000..9f15d464d2b67 Binary files /dev/null and b/docs/reference/ml/images/ml-anomaly-alert-severity.png differ diff --git a/docs/reference/ml/images/ml-health-check-config.jpg b/docs/reference/ml/images/ml-health-check-config.jpg deleted file mode 100644 index c235d79984525..0000000000000 Binary files a/docs/reference/ml/images/ml-health-check-config.jpg and /dev/null differ diff --git a/docs/reference/ml/images/ml-health-check-config.png b/docs/reference/ml/images/ml-health-check-config.png new file mode 100644 index 0000000000000..23a3833325bc2 Binary files /dev/null and b/docs/reference/ml/images/ml-health-check-config.png differ diff --git a/docs/reference/ml/images/ml-rule.jpg b/docs/reference/ml/images/ml-rule.jpg deleted file mode 100644 index 44973e785401c..0000000000000 Binary files a/docs/reference/ml/images/ml-rule.jpg and /dev/null differ diff --git a/docs/reference/ml/images/ml-rule.png b/docs/reference/ml/images/ml-rule.png new file mode 100644 index 0000000000000..1008dadf2b664 Binary files /dev/null and b/docs/reference/ml/images/ml-rule.png differ
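Review bot: In the first hunk (@@ -30,38 +30,38 @@, "Creating a rule"), the rewrite drops the only description of the alert lifecycle: the removed lines said an alert stays active while the conditions are met during the check interval, and that the `Recovered` action group is invoked and the status changes to `OK` when the next interval has no match. The new text still relies on that concept later ("when the alert is recovered", "actions related to recovered alerts"), so a reader configuring notifications no longer learns from this page what recovery means or when a recovered action fires. Suggest keeping one sentence on it after the notification-option paragraph, or stating that the linked "General rule details" page covers it. Minor style point in the same hunk: the image width is written as `",500]` on the ml-rule.png line but `", 500]` on the ml-anomaly-alert-severity.png line; pick one form.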
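Review bot: In the "Defining actions" hunk (@@ -141,43 +143,35 @@), the closing paragraph replaces per-job guidance with rule-wide guidance without saying so. The removed text explained how to mute notifications for a particular {anomaly-job} from the page that lists the rule's individual alerts, while the added text only says "you can snooze rules to prevent them from generating actions", which silences every job the rule covers. If muting a single alert is still possible, keep a sentence for it. Otherwise, state that snoozing applies to the whole rule, so nobody silences more detections than intended. Two wording fixes in the same hunk: "writes an JSON object" should be "writes a JSON object", and "When an alert occurs, it is always the same name as the job ID" reads better as "The name of an alert is always the same as the job ID", as the removed line had it.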