IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Adding custom URLs to machine learning results Export and import machine learning jobs »
Elastic Docs Machine Learning in the Elastic Stack [8.8] Anomaly detection How-to guides

Creating anomaly detection jobs from Lens visualizations

edit

Creating anomaly detection jobs from Lens visualizations

edit

You can create anomaly detection jobs from the compatible Lens charts on Dashboard.

Prerequisites and limitations

edit
  • Only chart-like visualizations are compatible. Supported chart types are area, area_percentage_stacked, area_stacked, bar, bar_horizontal, bar_horizontal_stacked, bar_percentage_stacked, bar_stacked, and line.
  • Supported anomaly detection functions are average, count, max, median, min, sum, unique_count.
  • The chart must contain a date field on one axis and it must be the same as the default date field for the data view.
  • In case of a multi-layered chart, only the compatible layers can be used to create an anomaly detection job.
  • Chart layers which contain a field that uses a time shift or a field that has a filter by setting applied cannot be used to create an anomaly detection job.

Creating the job

edit

You need to have a compatible visualization on Dashboard to create an anomaly detection job. If you don’t have one but you want to try the feature out, go to Analytics > Dashboard and select the [Flight] Global Flight Dashboard which is based on the Kibana sample flight data set. Select the Flight count visualization from the dashboard.

  1. Go to Analytics > Dashboard and select a dashboard with a compatible visualization.
  2. Open the Options (…​) menu for the panel, then select More.
  3. Select Create anomaly detection job. The option is only displayed if the visualization can be converted to an anomaly detection job configuration.
  4. (Optional) Select the layer from which the anomaly detection job is created.
A screenshot of a chart with the Options menu opened

If the visualization has multiple compatible layers, you can select which layer to use for creating the anomaly detection job.

A screenshot of a chart with the Options menu opened

If multiple fields are added to the chart or you selected a Break down by field, the multi metric job wizard is used for creating the job. For a single metric chart, the single metric wizard is used.

If the configured time range of the chart is relative, it is converted to absolute start and end times in the job configuration. If the conversion of these times fails, the whole time range from the index is used.

What’s next

edit
« Adding custom URLs to machine learning results Export and import machine learning jobs »