Machine learning job and rule requirements

edit

To run and create machine learning jobs and rules, you need all of these:

  • The appropriate license
  • There must be at least one machine learning node in your cluster
  • The machine_learning_admin user role

Additionally, to configure alert suppression for machine learning rules, your role needs the following index privilege:

  • read permission for the .ml-anomalies-* index

For more information, go to Set up machine learning features.

The machine_learning_admin and machine_learning_user built-in roles give access to the results of all anomaly detection jobs, irrespective of whether the user has access to the source indices. Likewise, a user who has full or read-only access to machine learning features within a given Kibana space can view the results of all anomaly detection jobs that are visible in that space. You must carefully consider who is given these roles and feature privileges; anomaly detection job results may propagate field values that contain sensitive information from the source indices to the results.