IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Nginx anomaly detection configurations
These anomaly detection job wizards appear in Kibana if you use Filebeat to ship access logs from your Nginx HTTP servers to Elasticsearch and store them using fields and datatypes from the Elastic Common Schema (ECS). For more details, see the datafeed and job definitions in GitHub.
These configurations are only available if data exists that matches the recognizer query specified in the manifest file.
- low_request_rate_ecs
  - For HTTP web access logs where event.dataset is nginx.access.
  - Models the event rate of HTTP requests.
  - Detects unusually low counts of HTTP requests compared to the previous event rate.
- source_ip_request_rate_ecs
  - For HTTP web access logs where event.dataset is nginx.access.
  - Models the event rate of HTTP requests by source IP.
  - Detects source IPs with unusually high request rates in the HTTP access log compared to the previous rate.
- source_ip_url_count_ecs
  - For HTTP web access logs where event.dataset is nginx.access.
  - Models the event rate of HTTP requests by source IP.
  - Detects source IPs with unusually high distinct count of URLs in the HTTP access log.
- status_code_rate_ecs
  - For HTTP web access logs where event.dataset is nginx.access.
  - Models the occurrences of HTTP response status codes.
  - Detects unusual status code rates in the HTTP access log compared to previous rates.
- visitor_rate_ecs
  - For HTTP web access logs where event.dataset is nginx.access.
  - Models visitor rates.
  - Detects unusual visitor rates in the HTTP access log compared to previous rates.
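To make concrete what source_ip_url_count_ecs looks for, the following added example (not Elastic's code or job definition) counts distinct URLs per source IP in hourly buckets and flags IPs far above the rest of the population. The median/MAD score, the thresholds k and min_urls, the function names and the sample log lines are all assumptions made for illustration; Elastic's anomaly detection uses its own statistical model.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Nginx "combined" format: ip - user [time] "METHOD url PROTO" status ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"\S+ (?P<url>\S+) [^"]*" \d{3} ')

def parse(line):
    """Return (source_ip, hour_bucket, url), or None for a malformed line."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts.replace(minute=0, second=0), m["url"]

def flag_outliers(lines, k=5.0, min_urls=10):
    """Flag source IPs whose distinct-URL count in an hourly bucket is far
    above the population median (median/MAD score, an assumed stand-in)."""
    buckets = defaultdict(lambda: defaultdict(set))
    for rec in filter(None, map(parse, lines)):
        ip, bucket, url = rec
        buckets[bucket][ip].add(url)
    flagged = []
    for bucket, per_ip in sorted(buckets.items()):
        counts = {ip: len(urls) for ip, urls in per_ip.items()}
        med = median(counts.values())
        # MAD is 0 when most clients behave identically; floor it at 1.
        mad = median(abs(c - med) for c in counts.values()) or 1.0
        for ip, c in sorted(counts.items()):
            if c >= min_urls and (c - med) / mad > k:
                flagged.append((bucket.isoformat(), ip, c))
    return flagged

def sample_lines():
    """Constructed sample: five ordinary clients and one that walks 40 URLs."""
    fmt = ('{ip} - - [10/Oct/2023:13:{m:02d}:00 +0000] '
           '"GET {url} HTTP/1.1" {st} 512 "-" "constructed-agent"')
    lines = [fmt.format(ip=f"192.0.2.{i}", m=m, url=url, st=200)
             for i in range(1, 6)
             for m, url in enumerate(["/", "/about", "/"])]
    lines += [fmt.format(ip="198.51.100.7", m=n, url=f"/path-{n}", st=404)
              for n in range(40)]
    return lines + ["not an access log line"]

if __name__ == "__main__":
    for bucket, ip, n in flag_outliers(sample_lines()):
        print(f"{bucket} {ip} distinct_urls={n}")
```

Repeated requests for the same URL do not raise the score; only the number of different URLs per source IP does, which is what separates this job from source_ip_request_rate_ecs.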