[ML] Kibana Sample Dataset data recognizer modules (#35138) (#36780)

* Initial job configuration files for Kibana Sample Ecommerce data recognizer * Initial configuration files for Kibana Sample Data for web logs * Initial configuration for Kibana Sample Data recognizer for Flights data * Correcting ID, title and description of Flights sample data recognizer * Adding Custom URLs to link to Discover from Kibana Sample Dataset ML jobs * Adding custom URLs to Ecommerce Data Recognizer results * Adding new custom URL to Kibana Sample Ecommerce data recognizer * Adding custom URL for Sample Flights dataset dashboard * Adding custom URLs to sample Web Logs data recogniser config * Fixing single quotes and url names in custom URLs for flights and ecommerce datasets * Adding Kibana Sample Data modules to list of modules that need testing * Renaming Kibana Sample Data recognizer modules, fixing IDs and adding modules to test framework * Fixing data recognizer titles to sentence case * Fixing sentence case issues in Kibana eCommerce sample data * Fixing sentence case in Kibana sample flights data * Fixing sentence case in Kibana sample weblogs data * Changing job configuration for Kibana sample flights data * Making changes to job descriptions * Changing job configurations and renaming files for Kibana eCommerce sample data recognizer * Removing mean bytes by file extension from Web Logs sample jobs and adding three new configurations * Fixing minor issues with Kibana Sample Data recognizer configurations * Adding jobs to job groups * Changing job group names to use underscores instead of hyphens * Adding filtering to Kibana Sample Data dashboards * Fixing linting issues in JSON configs * Finetuning data recognizer module descriptions * Renaming Kibana Sample Data flights jobs * Removing plural from Kibana Sample Flights dataset description * Modifying custom URLs for Kibana Flights jobs * Fixing custom URLs for Kibana Sample eCommerce dataset jobs * Adding new influencers and fixing Discover custom URLs for Kibana Weblogs sample dataset job * Fixing space before colon issue in job configurations * Converting tabs to spaces * Fixing description of detector in sample dataset eCommerce job
2025-04-23 09:19:04 -04:00 · 2019-05-21 19:38:18 +02:00 · 2019-05-21 19:38:18 +02:00 · 9aa5242607
commit 9aa5242607
parent 228410f566
17 changed files with 342 additions and 0 deletions
--- a/x-pack/plugins/ml/server/models/data_recognizer/tests/data_recognizer.js
+++ b/x-pack/plugins/ml/server/models/data_recognizer/tests/data_recognizer.js
@ -19,6 +19,9 @@ describe('ML - data recognizer', () => {
    'auditbeat_process_hosts_ecs',
    'metricbeat_system_ecs',
    'nginx_ecs',
+    'sample_data_ecommerce',
+    'sample_data_flights',
+    'sample_data_weblogs',
  ];

  // check all module IDs are the same as the list above
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_ecommerce/logo.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_ecommerce/logo.json
@ -0,0 +1,3 @@
+{
+  "icon": "logoKibana"
+}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_ecommerce/manifest.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_ecommerce/manifest.json
@ -0,0 +1,27 @@
+{
+  "id": "sample_data_ecommerce",
+  "title": "Kibana sample data eCommerce",
+  "description": "Find anomalies in eCommerce total sales data",
+  "type": "Sample Dataset",
+  "logoFile": "logo.json",
+  "defaultIndexPattern": "kibana_sample_data_ecommerce",
+  "query": {
+    "bool": {
+      "filter": [{ "term": { "_index": "kibana_sample_data_ecommerce" } }]
+    }
+  },
+  "jobs": [
+    {
+      "id": "high_sum_total_sales",
+      "file": "high_sum_total_sales.json"
+    }
+  ],
+  "datafeeds": [
+    {
+      "id": "datafeed-high_sum_total_sales",
+      "file": "datafeed_high_sum_total_sales.json",
+      "job_id": "high_sum_total_sales"
+    }
+  ],
+  "kibana": {}
+}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_ecommerce/ml/datafeed_high_sum_total_sales.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_ecommerce/ml/datafeed_high_sum_total_sales.json
@ -0,0 +1,9 @@
+{
+  "job_id": "JOB_ID",
+  "indexes": ["INDEX_PATTERN_NAME"],
+  "query": {
+    "bool": {
+      "filter": [{ "term": { "_index": "kibana_sample_data_ecommerce" } }]
+    }
+  }
+}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_ecommerce/ml/high_sum_total_sales.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_ecommerce/ml/high_sum_total_sales.json
@ -0,0 +1,38 @@
+{
+  "groups": ["kibana_sample_data"],
+  "description": "Kibana sample eCommerce data: detect anomalies in total sales",
+  "analysis_config": {
+    "bucket_span": "1h",
+    "detectors": [
+      {
+        "detector_description": "High total sales",
+        "function": "high_sum",
+        "field_name": "taxful_total_price",
+        "over_field_name": "customer_full_name.keyword"
+      }
+    ],
+    "influencers": ["customer_full_name.keyword", "category.keyword"]
+  },
+  "analysis_limits": {
+    "model_memory_limit": "10mb"
+  },
+  "data_description": {
+    "time_field": "order_date"
+  },
+  "model_plot_config": {
+    "enabled": true
+  },
+  "custom_settings": {
+    "created_by": "ml-module-sample",
+    "custom_urls": [
+      {
+        "url_name": "Raw data",
+        "url_value": "kibana#/discover?_g=(time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(index:ff959d40-b880-11e8-a6d9-e546fe2bba5f,query:(language:kuery,query:\u0027customer_full_name.keyword:\u0022$customer_full_name.keyword$\u0022\u0027),sort:!('@timestamp',desc))"
+      },
+      {
+        "url_name": "Data dashboard",
+        "url_value": "kibana#/dashboard/722b74f0-b882-11e8-a6d9-e546fe2bba5f?_g=(filters:!(),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(filters:!((\u0027$state\u0027:(store:appState),meta:(alias:!n,disabled:!f,index:\u0027INDEX_PATTERN_ID\u0027,key:customer_full_name.keyword,negate:!f,params:(query:\u0027$customer_full_name.keyword$\u0027),type:phrase,value:\u0027$customer_full_name.keyword$\u0027),query:(match:(customer_full_name.keyword:(query:\u0027$customer_full_name.keyword$\u0027,type:phrase))))),query:(language:kuery,query:\u0027\u0027))"
+      }
+    ]
+  }
+}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_flights/logo.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_flights/logo.json
@ -0,0 +1,3 @@
+{
+  "icon": "logoKibana"
+}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_flights/manifest.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_flights/manifest.json
@ -0,0 +1,27 @@
+{
+  "id": "sample_data_flights",
+  "title": "Kibana sample data flights",
+  "description": "Find anomalies in mean flight delay",
+  "type": "Sample Dataset",
+  "logoFile": "logo.json",
+  "defaultIndexPattern": "kibana_sample_data_flights",
+  "query": {
+    "bool": {
+      "filter": [{ "term": { "_index": "kibana_sample_data_flights" } }]
+    }
+  },
+  "jobs": [
+    {
+      "id": "mean_delay_by_carrier",
+      "file": "mean_delay_by_carrier.json"
+    }
+  ],
+  "datafeeds": [
+    {
+      "id": "datafeed-mean_delay_by_carrier",
+      "file": "datafeed_mean_delay_by_carrier.json",
+      "job_id": "mean_delay_by_carrier"
+    }
+  ],
+  "kibana": {}
+}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_flights/ml/datafeed_mean_delay_by_carrier.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_flights/ml/datafeed_mean_delay_by_carrier.json
@ -0,0 +1,9 @@
+{
+  "job_id": "JOB_ID",
+  "indexes": ["INDEX_PATTERN_NAME"],
+  "query": {
+    "bool": {
+      "filter": [{ "term": { "_index": "kibana_sample_data_flights" } }]
+    }
+  }
+}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_flights/ml/mean_delay_by_carrier.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_flights/ml/mean_delay_by_carrier.json
@ -0,0 +1,38 @@
+{
+  "groups": ["kibana_sample_data"],
+  "description": "Kibana sample flights data: detect anomalies in mean flight delay",
+  "analysis_config": {
+    "bucket_span": "1h",
+    "detectors": [
+      {
+        "detector_description": "Mean flight delay time by airline carrier",
+        "function": "high_mean",
+        "field_name": "FlightDelayMin",
+        "partition_field_name": "Carrier"
+      }
+    ],
+    "influencers": ["Carrier", "DestWeather", "OriginWeather"]
+  },
+  "analysis_limits": {
+    "model_memory_limit": "10mb"
+  },
+  "data_description": {
+    "time_field": "timestamp"
+  },
+  "model_plot_config": {
+    "enabled": true
+  },
+  "custom_settings": {
+    "created_by": "ml-module-sample",
+    "custom_urls": [
+      {
+        "url_name": "Raw data",
+        "url_value": "kibana#/discover?_g=(time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(index:d3d7af60-4c81-11e8-b3d7-01146121b73d,query:(language:kuery,query:\u0027Carrier:\u0022$Carrier$\u0022\u0027),sort:!('@timestamp',desc))"
+      },
+      {
+        "url_name": "Data dashboard",
+        "url_value": "kibana#/dashboard/7adfa750-4c81-11e8-b3d7-01146121b73d?_g=(filters:!(),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(filters:!((\u0027$state\u0027:(store:appState),meta:(alias:!n,disabled:!f,index:\u0027INDEX_PATTERN_ID\u0027,key:Carrier,negate:!f,params:(query:\u0027$Carrier$\u0027),type:phrase,value:\u0027$Carrier$\u0027),query:(match:(Carrier:(query:\u0027$Carrier$\u0027,type:phrase))))),query:(language:kuery,query:\u0027\u0027))"
+      }
+    ]
+  }
+}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_weblogs/logo.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_weblogs/logo.json
@ -0,0 +1,3 @@
+{
+  "icon": "logoKibana"
+}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_weblogs/manifest.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_weblogs/manifest.json
@ -0,0 +1,45 @@
+{
+  "id": "sample_data_weblogs",
+  "title": "Kibana sample data web logs",
+  "description": "Find anomalies in Kibana sample web logs data",
+  "type": "Sample Dataset",
+  "logoFile": "logo.json",
+  "defaultIndexPattern": "kibana_sample_data_logs",
+  "query": {
+    "bool": {
+      "filter": [{ "term": { "_index": "kibana_sample_data_logs" } }]
+    }
+  },
+  "jobs": [
+    {
+      "id": "low_count",
+      "file": "low_count.json"
+    },
+    {
+      "id": "count_by_response_code",
+      "file": "count_by_response_code.json"
+    },
+    {
+      "id": "distinct_count_ip",
+      "file": "distinct_count_ip.json"
+    }
+  ],
+  "datafeeds": [
+    {
+      "id": "datafeed-low_count",
+      "file": "datafeed_low_count.json",
+      "job_id": "low_count"
+    },
+    {
+      "id": "datafeed-count_by_response_code",
+      "file": "datafeed_count_by_response_code.json",
+      "job_id": "count_by_response_code"
+    },
+    {
+      "id": "datafeed-distinct_count_ip",
+      "file": "datafeed_distinct_count_ip.json",
+      "job_id": "distinct_count_ip"
+    }
+  ],
+  "kibana": {}
+}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_weblogs/ml/count_by_response_code.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_weblogs/ml/count_by_response_code.json
@ -0,0 +1,37 @@
+{
+  "groups": ["kibana_sample_logs", "kibana_sample_data"],
+  "description": "Kibana sample web logs data: find anomalies in the event count by HTTP response code ",
+  "analysis_config": {
+    "bucket_span": "1h",
+    "detectors": [
+      {
+        "detector_description": "Event count by response code",
+        "function": "count",
+        "partition_field_name": "response.keyword"
+      }
+    ],
+    "influencers": ["clientip", "response.keyword"]
+  },
+  "analysis_limits": {
+    "model_memory_limit": "10mb"
+  },
+  "data_description": {
+    "time_field": "timestamp"
+  },
+  "model_plot_config": {
+    "enabled": true
+  },
+  "custom_settings": {
+    "created_by": "ml-module-sample",
+    "custom_urls": [
+      {
+        "url_name": "Raw data",
+        "url_value": "kibana#/discover?_g=(time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(index:\u002790943e30-9a47-11e8-b64d-95841ca0b247\u0027,query:(language:kuery,query:\u0027response.keyword:\u0022$response.keyword$\u0022\u0027),sort:!('@timestamp',desc))"
+      },
+      {
+        "url_name": "Data dashboard",
+        "url_value": "kibana#/dashboard/edf84fe0-e1a0-11e7-b6d5-4dc382ef7f5b?_g=(filters:!(),time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(filters:!((\u0027$state\u0027:(store:appState),meta:(alias:!n,disabled:!f,index:\u0027INDEX_PATTERN_ID\u0027,key:response.keyword,negate:!f,params:(query:\u0027$response.keyword$\u0027),type:phrase,value:\u0027$response.keyword$\u0027),query:(match:(response.keyword:(query:\u0027$response.keyword$\u0027,type:phrase))))),query:(language:kuery,query:\u0027\u0027))"
+      }
+    ]
+  }
+}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_weblogs/ml/datafeed_count_by_response_code.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_weblogs/ml/datafeed_count_by_response_code.json
@ -0,0 +1,9 @@
+{
+  "job_id": "JOB_ID",
+  "indexes": ["INDEX_PATTERN_NAME"],
+  "query": {
+    "bool": {
+      "filter": [{ "term": { "_index": "kibana_sample_data_logs" } }]
+    }
+  }
+}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_weblogs/ml/datafeed_distinct_count_ip.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_weblogs/ml/datafeed_distinct_count_ip.json
@ -0,0 +1,9 @@
+{
+  "job_id": "JOB_ID",
+  "indexes": ["INDEX_PATTERN_NAME"],
+  "query": {
+    "bool": {
+      "filter": [{ "term": { "_index": "kibana_sample_data_logs" } }]
+    }
+  }
+}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_weblogs/ml/datafeed_low_count.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_weblogs/ml/datafeed_low_count.json
@ -0,0 +1,9 @@
+{
+  "job_id": "JOB_ID",
+  "indexes": ["INDEX_PATTERN_NAME"],
+  "query": {
+    "bool": {
+      "filter": [{ "term": { "_index": "kibana_sample_data_logs" } }]
+    }
+  }
+}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_weblogs/ml/distinct_count_ip.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_weblogs/ml/distinct_count_ip.json
@ -0,0 +1,37 @@
+{
+  "groups": ["kibana_sample_logs", "kibana_sample_data"],
+  "description": "Kibana sample web logs data: find anomalies in the distinct count of client IPs",
+  "analysis_config": {
+    "bucket_span": "1h",
+    "detectors": [
+      {
+        "detector_description": "Count of distinct client IPs",
+        "function": "distinct_count",
+        "field_name": "clientip"
+      }
+    ],
+    "influencers": ["clientip"]
+  },
+  "analysis_limits": {
+    "model_memory_limit": "10mb"
+  },
+  "data_description": {
+    "time_field": "timestamp"
+  },
+  "model_plot_config": {
+    "enabled": true
+  },
+  "custom_settings": {
+    "created_by": "ml-module-sample",
+    "custom_urls": [
+      {
+        "url_name": "Raw data",
+        "url_value": "kibana#/discover?_g=(time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(index:\u002790943e30-9a47-11e8-b64d-95841ca0b247\u0027)"
+      },
+      {
+        "url_name": "Data dashboard",
+        "url_value": "kibana#/dashboard/edf84fe0-e1a0-11e7-b6d5-4dc382ef7f5b?_g=(time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(filters:!(),query:(language:kuery,query:\u0027\u0027))"
+      }
+    ]
+  }
+}
--- a/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_weblogs/ml/low_count.json
+++ b/x-pack/plugins/ml/server/models/data_recognizer/modules/sample_data_weblogs/ml/low_count.json
@ -0,0 +1,36 @@
+{
+  "groups": ["kibana_sample_logs", "kibana_sample_data"],
+  "description": "Kibana sample web logs data: find anomalies in the visitor count",
+  "analysis_config": {
+    "bucket_span": "1h",
+    "detectors": [
+      {
+        "detector_description": "Low visitor count",
+        "function": "low_count"
+      }
+    ],
+    "influencers": []
+  },
+  "analysis_limits": {
+    "model_memory_limit": "10mb"
+  },
+  "data_description": {
+    "time_field": "timestamp"
+  },
+  "model_plot_config": {
+    "enabled": true
+  },
+  "custom_settings": {
+    "created_by": "ml-module-sample",
+    "custom_urls": [
+      {
+        "url_name": "Raw data",
+        "url_value": "kibana#/discover?_g=(time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(index:\u002790943e30-9a47-11e8-b64d-95841ca0b247\u0027)"
+      },
+      {
+        "url_name": "Data dashboard",
+        "url_value": "kibana#/dashboard/edf84fe0-e1a0-11e7-b6d5-4dc382ef7f5b?_g=(time:(from:\u0027$earliest$\u0027,mode:absolute,to:\u0027$latest$\u0027))&_a=(filters:!(),query:(language:kuery,query:\u0027\u0027))"
+      }
+    ]
+  }
+}