Nginx anomaly detection configurations
editNginx anomaly detection configurations
editThese anomaly detection job wizards appear in Kibana if you use the Nginx integration in Fleet or you use Filebeat to ship access logs from your Nginx HTTP servers to Elasticsearch. The jobs assume that you use fields and data types from the Elastic Common Schema (ECS).
Nginx access logs
editThese anomaly detection jobs find unusual activity in HTTP access logs.
For more details, see the datafeed and job definitions in GitHub. Note that these jobs are available in Kibana only if data exists that matches the datafeed query.
- low_request_rate_nginx
-
Detects low request rates.
- Job details
-
-
Analyzes request rates (using the
low_countfunction).
-
Analyzes request rates (using the
- Required Beats or Elastic Agent integrations
-
- Nginx integration
- source_ip_request_rate_nginx
-
Detects unusual source IPs.
- Job details
-
-
Analyzes request rates (using the
high_countfunction) relative to all the source IPs (over_field_nameissource.address).
-
Analyzes request rates (using the
- Required Beats or Elastic Agent integrations
-
- Nginx integration
- source_ip_url_count_nginx
-
Detects unusual source IPs.
- Job details
-
-
Analyzes distinct counts of URLs (using the
high_distinct_countfunction on theurl.originalfield) relative to all the source IPs (over_field_nameissource.address).
-
Analyzes distinct counts of URLs (using the
- Required Beats or Elastic Agent integrations
-
- Nginx integration
- status_code_rate_nginx
-
Detects unusual status code rates.
- Job details
-
-
Analyzes request rates (using the
countfunction) split by status code (partition_field_nameishttp.response.status_code).
-
Analyzes request rates (using the
- Required Beats or Elastic Agent integrations
-
- Nginx integration
- visitor_rate_nginx
-
Detects unusual visitor rates.
- Job details
-
-
Analyzes request rates using the
non_zero_countfunction.
-
Analyzes request rates using the
- Required Beats or Elastic Agent integrations
-
- Nginx integration
Nginx access logs (Filebeat)
editThese legacy anomaly detection jobs find unusual activity in HTTP access logs. For the latest versions, install the Nginx integration in Fleet; see Nginx access logs.
For more details, see the datafeed and job definitions in GitHub.
These configurations are only available if data exists that matches the recognizer query specified in the manifest file.
- low_request_rate_ecs
-
Detects low request rates.
- Job details
-
-
Analyzes request rates (using the
low_countfunction).
-
Analyzes request rates (using the
- Required Beats or Elastic Agent integrations
-
- Filebeat
- source_ip_request_rate_ecs
-
Detects unusual source IPs.
- Job details
-
-
Analyzes request rates (using the
high_countfunction) relative to all the source IPs (over_field_nameissource.address).
-
Analyzes request rates (using the
- Required Beats or Elastic Agent integrations
-
- Filebeat
- source_ip_url_count_ecs
-
Detects unusual source IPs.
- Job details
-
-
Analyzes distinct counts of URLs (using the
high_distinct_countfunction on theurl.originalfield) relative to all the source IPs (over_field_nameissource.address).
-
Analyzes distinct counts of URLs (using the
- Required Beats or Elastic Agent integrations
-
- Filebeat
- status_code_rate_ecs
-
Detects unusual status code rates.
- Job details
-
-
Analyzes request rates (using the
countfunction) split by status code (partition_field_nameishttp.response.status_code).
-
Analyzes request rates (using the
- Required Beats or Elastic Agent integrations
-
- Filebeat
- visitor_rate_ecs
-
Detects unusual visitor rates.
- Job details
-
-
Analyzes request rates using the
non_zero_countfunction.
-
Analyzes request rates using the
- Required Beats or Elastic Agent integrations
-
- Filebeat