Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[ML] Update data recognizer modules saved objects to use KQL instead of Lucene #32189

Closed
18 tasks done
peteharverson opened this issue Feb 28, 2019 · 1 comment
Closed
18 tasks done

[ML] Update data recognizer modules saved objects to use KQL instead of Lucene #32189

peteharverson opened this issue Feb 28, 2019 · 1 comment
Assignees
@peteharverson
Labels
enhancement New value added to drive a business result Feature:Anomaly Detection ML anomaly detection :ml v7.0.0 v7.2.0

Comments

@peteharverson
Copy link
Contributor

peteharverson commented Feb 28, 2019
edited
Loading

Since from 7.0 Kibana defaults to KQL for searches rather than Lucene, the saved objects shipped as part of ML data recognizer modules should be switched to use KQL. The searches used in the custom URLs of the ML jobs in the modules should also use KQL rather than Lucene.

Forms part of #30746.

Saved objects that need updating:

Apache module

  • Dashboard ML HTTP Access: Explorer (ECS)
  • Saved Search ML HTTP Access: Access Data (ECS)

NGINX module

  • Dashboard ML HTTP Access: Explorer (ECS)
  • Saved Search ML HTTP Access: Access Data (ECS)

ML Job custom URLs that need updating:

Apache module

  • low_request_rate_ecs job custom URLs
  • source_ip_request_rate_ecs job custom URLs
  • source_ip_url_count_ecs job custom URLs
  • status_code_rate_ecs job custom URLs
  • visitor_rate_ecs job custom URLs

Auditbeat docker processes module

  • docker_high_count_process_events_ecs job custom URLs
  • docker_rare_process_activity_ecs job custom URLs

Auditbeat host processes module

  • hosts_high_count_process_events_ecs job custom URLs
  • hosts_rare_process_activity_ecs job custom URLs

NGINX module

  • low_request_rate_ecs job custom URLs
  • source_ip_request_rate_ecs job custom URLs
  • source_ip_url_count_ecs job custom URLs
  • status_code_rate_ecs job custom URLs
  • visitor_rate_ecs job custom URLs
@peteharverson peteharverson added enhancement New value added to drive a business result :ml Feature:Anomaly Detection ML anomaly detection v7.2.0 labels Feb 28, 2019
@elasticmachine
Copy link
Contributor

Pinging @elastic/ml-ui

@Bargs Bargs mentioned this issue Feb 28, 2019
Closed
4 tasks
@peteharverson peteharverson self-assigned this Mar 8, 2019
@peteharverson peteharverson mentioned this issue Mar 8, 2019
Merged
2 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@peteharverson peteharverson

Labels
enhancement New value added to drive a business result Feature:Anomaly Detection ML anomaly detection :ml v7.0.0 v7.2.0
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@peteharverson @elasticmachine