visitor_rate_ecs.json
{
"groups": ["nginx"],
"description": "HTTP Access Logs: Detect unusual visitor rates (ECS)",
"analysis_config": {
"bucket_span": "15m",
"summary_count_field_name": "dc_source_address",
"detectors": [
{
"detector_description": "Nginx access visitor rate",
"function": "non_zero_count"
}
],
"influencers": []
},
"analysis_limits": {
"model_memory_limit": "10mb"
},
"data_description": {
"time_field": "@timestamp",
"time_format": "epoch_ms"
},
"model_plot_config": {
"enabled": true
},
"custom_settings": {
"created_by": "ml-module-nginx-access",
"custom_urls": [
{
"url_name": "Raw data",
"url_value": "discover#/?_g=(time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(columns:!(_source),filters:!((\u0027$state\u0027:(store:appState),meta:(alias:!n,disabled:!f,index:\u0027INDEX_PATTERN_ID\u0027,key:event.dataset,negate:!f,params:(query:\u0027nginx.access\u0027),type:phrase,value:\u0027nginx.access\u0027),query:(match:(event.dataset:(query:\u0027nginx.access\u0027,type:phrase))))),index:\u0027INDEX_PATTERN_ID\u0027,interval:auto,query:(language:kuery,query:\u0027\u0027),sort:!(\u0027@timestamp\u0027,desc))"
}
]
}
}