max_disk_utilization_ecs.json
{
"job_type": "anomaly_detector",
"description": "Metricbeat filesystem: Detect unusual increases in disk utilization (ECS)",
"groups": [
"metricbeat"
],
"analysis_config": {
"bucket_span": "10m",
"detectors": [
{
"detector_description": "max disk utilization",
"function": "max",
"field_name": "system.filesystem.used.pct",
"partition_field_name": "host.name",
"custom_rules": [
{
"actions": [
"skip_result"
],
"conditions": [
{
"applies_to": "actual",
"operator": "lt",
"value": 0.75
}
]
}
]
}
],
"influencers": [
"host.name"
]
},
"analysis_limits": {
"model_memory_limit": "25mb"
},
"data_description": {
"time_field": "@timestamp",
"time_format": "epoch_ms"
},
"custom_settings": {
"created_by": "ml-module-metricbeat-system",
"custom_urls": [
{
"url_name": "Host overview",
"time_range": "3h",
"url_value": "dashboards#/view/79ffd6e0-faa0-11e6-947f-177f697178b8-ecs?_g=(time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(filters:!(),query:(language:kuery,query:\u0027host.name:\u0022$host.name$\u0022\u0027))"
},
{
"url_name": "Raw data",
"url_value": "discover#/?_g=(refreshInterval:(pause:!t,value:0),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(columns:!(_source),index:\u0027INDEX_PATTERN_ID\u0027,interval:auto,query:(language:kuery,query:'event.dataset:\u0022system.filesystem\u0022'),sort:!('@timestamp',desc))"
}
]
}
}