- X-Pack Reference for 6.0-6.2 and 5.x:
- Introduction
- Setting Up X-Pack
- Breaking Changes
- X-Pack APIs
- Graphing Connections in Your Data
- Profiling your Queries and Aggregations
- Reporting from Kibana
- Securing the Elastic Stack
- Getting Started with Security
- How Security Works
- Setting Up User Authentication
- Configuring SAML Single-Sign-On on the Elastic Stack
- Configuring Role-based Access Control
- Auditing Security Events
- Encrypting Communications
- Restricting Connections with IP Filtering
- Cross Cluster Search, Tribe, Clients and Integrations
- Reference
- Monitoring the Elastic Stack
- Alerting on Cluster and Index Events
- Machine Learning in the Elastic Stack
- Troubleshooting
- Getting Help
- X-Pack security
- Can’t log in after upgrading to 6.2.4
- Some settings are not returned via the nodes settings API
- Authorization exceptions
- Users command fails due to extra arguments
- Users are frequently locked out of Active Directory
- Certificate verification fails for curl on Mac
- SSLHandshakeException causes connections to fail
- Common SSL/TLS exceptions
- Internal Server Error in Kibana
- Setup-passwords command fails due to connection failure
- X-Pack Watcher
- X-Pack monitoring
- X-Pack machine learning
- Limitations
- License Management
- Release Notes
WARNING: Version 6.2 of the Elastic Stack has passed its EOL date.
This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.
Getting Started with Machine Learning
editGetting Started with Machine Learning
editReady to get some hands-on experience with the X-Pack machine learning features? This tutorial shows you how to:
- Load a sample data set into Elasticsearch
- Create single and multi-metric machine learning jobs in Kibana
- Use the results to identify possible anomalies in the data
At the end of this tutorial, you should have a good idea of what machine learning is and will hopefully be inspired to use it to detect anomalies in your own data.
You might also be interested in these video tutorials, which use the same sample data:
Before you begin
edit-
Install the Elastic Stack. To follow the steps in this tutorial, you will need the following components of the Elastic Stack:
- Elasticsearch 6.2.4, which stores the data and the analysis results
- X-Pack 6.2.4, which includes the machine learning features for both Elasticsearch and Kibana
- Kibana 6.2.4, which provides a helpful user interface for creating and viewing jobs
See the Elastic Support Matrix for information about supported operating systems.
See Installing the Elastic Stack for information about installing each of the components.
To get started, you can install Elasticsearch and Kibana on a single VM or even on your laptop (requires 64-bit OS). As you add more data and your traffic grows, you’ll want to replace the single Elasticsearch instance with a cluster.
When you install X-Pack into Elasticsearch and Kibana, the machine learning features are enabled by default. If you have multiple nodes in your cluster, you can optionally dedicate nodes to specific purposes. If you want to control which nodes are machine learning nodes or limit which nodes run resource-intensive activity related to jobs, see X-Pack Settings.
- Launch the Kibana web interface by pointing your browser to port 5601. For example, http://127.0.0.1:5601.
- Obtain a license that includes the machine learning features. For more information about Elastic license levels, see https://www.elastic.co/subscriptions. If you want to try all of the X-Pack features, you can start a 30-day trial. See License Management.
-
If X-Pack security is enabled in your cluster, you need a user that has appropriate authority to perform the steps in this tutorial.
The X-Pack machine learning features implement cluster privileges and built-in roles to make it easier to control which users have authority to view and manage the jobs, datafeeds, and results.
By default, you can perform all of the steps in this tutorial by using the built-in
elastic
super user. However, the password must be set before the user can do anything. For information about how to set that password, see Getting Started with Security.If you are performing these steps in a production environment, take extra care because
elastic
has thesuperuser
role and you could inadvertently make significant changes to the system. You can alternatively assign themachine_learning_admin
andkibana_user
roles to a user ID of your choice.For more information, see Built-in Roles and Cluster Privileges.
On this page