IMPORTANT: No additional bug fixes or documentation updates
will be released for this version. For the latest information, see the
current release documentation.
Nginx
These anomaly detection job wizards appear in Kibana if you use Filebeat to ship access logs from your Nginx HTTP servers to Elasticsearch and store them using fields and datatypes from the Elastic Common Schema (ECS).
- low_request_rate_ecs
  - For HTTP web access logs where event.dataset is nginx.access.
  - Models the event rate of HTTP requests.
  - Detects unusually low counts of HTTP requests compared to the previous event rate (using the low_count function).
- source_ip_request_rate_ecs
  - For HTTP web access logs where event.dataset is nginx.access.
  - Models the event rate of HTTP requests by source IP.
  - Detects source IPs with unusually high request rates in the HTTP access log compared to the previous rate (using the high_count function).
- source_ip_url_count_ecs
  - For HTTP web access logs where event.dataset is nginx.access.
  - Models the event rate of HTTP requests by source IP.
  - Detects source IPs with unusually high distinct count of URLs in the HTTP access log (using the high_distinct_count function).
- status_code_rate_ecs
  - For HTTP web access logs where event.dataset is nginx.access.
  - Models the occurrences of HTTP response status codes (partition_field_name is http.response.status_code).
  - Detects unusual status code rates in the HTTP access log compared to previous rates (using the count function).
- visitor_rate_ecs
  - For HTTP web access logs where event.dataset is nginx.access.
  - Models visitor rates.
  - Detects unusual visitor rates in the HTTP access log compared to previous rates (using the non_zero_count function).
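
The raw per-bucket quantities that the five jobs above model, computed over a few constructed ECS-style documents. This is an added example, not Elastic's job configuration or code, and it does not reproduce the anomaly model. The 15-minute bucket, the use of source.ip and url.original for "source IP" and "URLs", and the sample events are assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timezone

BUCKET = 900  # assumed 15-minute bucket span in seconds; the page does not give one

def ev(ts, ip, url, status, dataset="nginx.access"):
    """Build one constructed ECS-style access-log document."""
    return {"@timestamp": ts, "event.dataset": dataset, "source.ip": ip,
            "url.original": url, "http.response.status_code": status}

# Constructed sample data (not real traffic): one client repeating a URL, one client
# requesting several different URLs, one non-access document, and an empty bucket.
EVENTS = [
    ev("2024-01-01T00:01:00Z", "198.51.100.7", "/", 200),
    ev("2024-01-01T00:02:00Z", "198.51.100.7", "/", 200),
    ev("2024-01-01T00:03:00Z", "203.0.113.9", "/page1", 404),
    ev("2024-01-01T00:04:00Z", "203.0.113.9", "/page2", 404),
    ev("2024-01-01T00:05:00Z", "203.0.113.9", "/page3", 404),
    ev("2024-01-01T00:06:00Z", "203.0.113.9", "/", 200, dataset="nginx.error"),
    ev("2024-01-01T00:31:00Z", "198.51.100.7", "/", 200),
]

def bucket_of(ts):
    """Start of the bucket (epoch seconds, UTC) that contains timestamp ts."""
    t = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return int(t.timestamp()) // BUCKET * BUCKET

def features(events):
    """Per bucket, the quantity each job's detector function is applied to."""
    out = defaultdict(lambda: {"count": 0, "per_ip": Counter(),
                               "urls": defaultdict(set), "per_status": Counter()})
    for e in events:
        if e["event.dataset"] != "nginx.access":  # the jobs only cover nginx.access
            continue
        b = out[bucket_of(e["@timestamp"])]
        b["count"] += 1                                        # low_count
        b["per_ip"][e["source.ip"]] += 1                       # high_count by source IP
        b["urls"][e["source.ip"]].add(e["url.original"])       # high_distinct_count
        b["per_status"][e["http.response.status_code"]] += 1   # count per status code
    return out

def count_series(feats, non_zero=False):
    """Bucket counts in time order; non_zero_count ignores empty buckets
    instead of treating them as a count of 0."""
    if not feats:
        return []
    first, last = min(feats), max(feats)
    counts = [feats[b]["count"] if b in feats else 0
              for b in range(first, last + BUCKET, BUCKET)]
    return [c for c in counts if c] if non_zero else counts
```

The empty 00:15 to 00:30 bucket is what low_count would see as a drop to zero, while non_zero_count leaves it out of the series altogether.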