WARNING: Version 6.2 of the Elastic Stack has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Geographic Functions
The geographic functions detect anomalies in the geographic location of the input data.
The X-Pack machine learning features include the following geographic function: lat_long.
You cannot create forecasts for jobs that contain geographic functions.
Lat_long
The lat_long function detects anomalies in the geographic location of the input data.
This function supports the following properties:
- field_name (required)
- by_field_name (optional)
- over_field_name (optional)
- partition_field_name (optional)
For more information about those properties, see Detector Configuration Objects.
Example 1: Analyzing transactions with the lat_long function.
    {
      "function" : "lat_long",
      "field_name" : "transactionCoordinates",
      "by_field_name" : "creditCardNumber"
    }
If you use this lat_long function in a detector in your job, it detects anomalies where the geographic location of a credit card transaction is unusual for a particular customer’s credit card. An anomaly might indicate fraud.
The field_name that you supply must be a single string that contains two comma-separated numbers of the form latitude,longitude. The latitude and longitude must be in the range -180 to 180 and represent a point on the surface of the Earth.
For example, JSON data might contain the following transaction coordinates:
    {
      "time": 1460464275,
      "transactionCoordinates": "40.7,-74.0",
      "creditCardNumber": "1234123412341234"
    }
In Elasticsearch, location data is likely to be stored in geo_point fields. For more information, see Geo-point datatype. This data type is not supported natively in X-Pack machine learning features. You can, however, use Painless scripts in script_fields in your datafeed to transform the data into an appropriate format. For example, the following Painless script transforms "coords": {"lat" : 41.44, "lon":90.5} into "lat-lon": "41.44,90.5":
    {
      "script_fields": {
        "lat-lon": {
          "script": {
            "source": "doc['coords'].lat + ',' + doc['coords'].lon",
            "lang": "painless"
          }
        }
      }
    }
For more information, see Transforming Data With Script Fields.
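An added example, not part of the Elastic documentation: a pre-ingest check in Python that turns a geo_point value into the latitude,longitude string that lat_long requires and sets aside records that do not fit, using the range stated above. It goes beyond the page by also accepting the "lat,lon" string and [lon, lat] array forms of geo_point; the function names and the sample records after the first are assumptions.

```python
import math

# Range the page states for both latitude and longitude.
COORD_MIN, COORD_MAX = -180.0, 180.0

def to_lat_long(value):
    """Return 'latitude,longitude' for a geo_point given as an object,
    a 'lat,lon' string or a [lon, lat] array; raise ValueError otherwise."""
    if isinstance(value, dict) and set(value) == {"lat", "lon"}:
        lat, lon = value["lat"], value["lon"]
    elif isinstance(value, str) and value.count(",") == 1:
        lat, lon = value.split(",")
    elif isinstance(value, (list, tuple)) and len(value) == 2:
        lon, lat = value  # Elasticsearch geo_point arrays are [lon, lat]
    else:
        raise ValueError(f"unsupported geo_point form: {value!r}")
    parts = []
    for name, raw in (("latitude", lat), ("longitude", lon)):
        try:
            number = float(raw)
        except (TypeError, ValueError):
            raise ValueError(f"{name} is not a number: {raw!r}") from None
        if isinstance(raw, bool) or not math.isfinite(number):
            raise ValueError(f"{name} is not a number: {raw!r}")
        if not COORD_MIN <= number <= COORD_MAX:
            raise ValueError(f"{name} out of range: {raw!r}")
        # Fixed-point text: avoids exponent notation such as 1e-05.
        text = f"{number:.7f}".rstrip("0")
        parts.append(text + "0" if text.endswith(".") else text)
    return ",".join(parts)

def split_docs(docs, field):
    """Partition docs into (ready, rejected) so bad coordinates are visible."""
    ready, rejected = [], []
    for doc in docs:
        try:
            ready.append({**doc, field: to_lat_long(doc.get(field))})
        except ValueError as err:
            rejected.append((doc, str(err)))
    return ready, rejected

# Constructed sample input; the first record is the one shown on the page.
SAMPLE_DOCS = [
    {"time": 1460464275, "transactionCoordinates": "40.7,-74.0", "creditCardNumber": "1234123412341234"},
    {"time": 1460464301, "transactionCoordinates": {"lat": 41.44, "lon": 90.5}, "creditCardNumber": "1234123412341234"},
    {"time": 1460464355, "transactionCoordinates": "40.7;-74.0", "creditCardNumber": "1234123412341234"},
]

if __name__ == "__main__":
    ready, rejected = split_docs(SAMPLE_DOCS, "transactionCoordinates")
    print(ready, rejected, sep="\n")
```

Counting the rejected records per run shows how much location data never reaches the detector in the required form.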