Anomaly detection

The Elastic machine learning anomaly detection feature automatically models the normal behavior of your time series data — learning trends, periodicity, and more — in real time to identify anomalies, streamline root cause analysis, and reduce false positives. Anomaly detection runs in and scales with Elasticsearch, and includes an intuitive UI on the Kibana Machine Learning page for creating anomaly detection jobs and understanding results.

If you have a license that includes the machine learning features, you can create anomaly detection jobs and manage jobs and datafeeds from the Job Management pane:

You can use the Settings pane to create and edit calendars and the filters that are used in custom rules:

The Anomaly Explorer and Single Metric Viewer display the results of your anomaly detection jobs. For example:

You can optionally add annotations by drag-selecting a period of time in the Single Metric Viewer and adding a description. For example, you can add an explanation for anomalies in that time period or provide notes about what is occurring in your operational environment at that time:

In some circumstances, annotations are also added automatically. For example, if the anomaly detection job detects that there is missing data, it annotates the affected time period. For more information, see Handling delayed data. The Job Management pane shows the full list of annotations for each job.

For more information about the anomaly detection feature, see Machine learning in the Elastic Stack and Machine learning anomaly detection.