Commit c24be27

[DOCS] Refreshes population job examples (#36101)
1 parent 54facbe commit c24be27

4 files changed: +13 -12 lines changed

docs/reference/ml/populations.asciidoc

+13-12
@@ -32,33 +32,34 @@ PUT _xpack/ml/anomaly_detectors/population
3232
{
3333
"description" : "Population analysis",
3434
"analysis_config" : {
35-
"bucket_span":"10m",
35+
"bucket_span":"15m",
3636
"influencers": [
37-
"username"
37+
"clientip"
3838
],
3939
"detectors": [
4040
{
4141
"function": "mean",
42-
"field_name": "bytesSent",
43-
"over_field_name": "username" <1>
42+
"field_name": "bytes",
43+
"over_field_name": "clientip" <1>
4444
}
4545
]
4646
},
4747
"data_description" : {
48-
"time_field":"@timestamp",
48+
"time_field":"timestamp",
4949
"time_format": "epoch_ms"
5050
}
5151
}
5252
----------------------------------
5353
//CONSOLE
5454
// TEST[skip:needs-licence]
55-
<1> This `over_field_name` property indicates that the metrics for each user (
56-
as identified by their `username` value) are analyzed relative to other users
55+
<1> This `over_field_name` property indicates that the metrics for each client (
56+
as identified by their IP address) are analyzed relative to other clients
5757
in each bucket.
5858

5959
If your data is stored in {es}, you can use the population job wizard in {kib}
60-
to create a job with these same properties. For example, the population job
61-
wizard provides the following job settings:
60+
to create a job with these same properties. For example, if you add the sample
61+
web logs in {kib}, you can use the following job settings in the population job
62+
wizard:
6263

6364
[role="screenshot"]
6465
image::images/ml-population-job.jpg["Job settings in the population job wizard]
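Review bot: The rewritten callout <1> says each client is "identified by their IP address" but no longer names the field, whereas the removed text tied the explanation to the `username` value. Since `over_field_name` and the influencer are now `clientip`, consider "as identified by their `clientip` value" so the callout maps directly onto the config above it. While this section is being touched, the context line `image::images/ml-population-job.jpg["Job settings in the population job wizard]` is missing the closing double quote in its alt text.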
@@ -81,6 +82,6 @@ details about the anomalies:
8182
[role="screenshot"]
8283
image::images/ml-population-anomaly.jpg["Anomaly details for a specific user"]
8384

84-
In this example, the user identified as `antonette` sent a high volume of bytes
85-
on the date and time shown. This event is anomalous because the mean is two times
86-
higher than the expected behavior of the population.
85+
In this example, the client IP address `29.64.62.83` received a high volume of
86+
bytes on the date and time shown. This event is anomalous because the mean is
87+
three times higher than the expected behavior of the population.
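Review bot: The alt text on the context line `image::images/ml-population-anomaly.jpg["Anomaly details for a specific user"]` still says "user", but the paragraph added right after it now describes a client IP address. Update the alt text to match the refreshed example, for instance "Anomaly details for a specific client IP". Also, the wording changed from "sent" to "received" while the detector field is just `bytes`; please confirm which direction that field measures in the sample web logs, since a reader triaging this anomaly will rely on it.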
