[ML] Initial creation of APM module (#18805) (#19133)

* [ML] Initial creation of APM module

* updating query

* adding processor.name check to query

* removing processor.name exists check

* updating manifest with suggested changes

* renaming-job-id

* updating job description

x-pack/plugins/ml/server/models/data_recognizer/modules/apm_transaction/logo.json

@@ -0,0 +1,5 @@
+{
+	"src": "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAACAAAAAlCAYAAAAjt+tHAAADMUlEQVRYhe2XTWhUVxSAv/Nm3jSVRB3SJtCMZhhpky4LguCiug2FbnRRBFeKGxFEEBSXCl2VLMSdhS7qJuhCC9JVIQUXrloItLbUxPyaxJ9kUIOTO/NOF/fe9zMThHQGp4vczZt77rnvfPeen3dGVFXp4gi6afx/AZAHuLn4hDurixTzhS2VIrKka/VNjg0McXqo3D7At9OPuDL/D6EKRsSZA1VBJAkPu57Mf6mu86xW43JlpC0A2T15X19pI2VE3FIUGw1V4g2bfqMoRXK8ODLWFkBwIXWNRhRVJXSJYecSGzWiFABxkOdLZdodoqp6fe4xt1cXKeZDVEHEO8JRuqePhWrdcHywxNl9lc4AtP2WNkbX07DrAPlmwWsTcW/2DYJgfaOAuCeA4BPFOk8REbwjRcB6NdHzul8P76I3zJ45EwN/Vw0nJleZ36jTUCUnYNxaoGTmIeJ07DOSRMeDAhiUELvvwId5bh0d4LM9ScHL4Hw3tcb0holf7F8SpnQCTYy7sxGJlUViDRtnuKFKoNBwe2Y26oxPVTM3kAEY7rOmcoIzYI00lAyQ1ZEmmTemMWTkliKxQDkR9vdmvd6ShhcePueHmdfxyY07dZTyp5+nb8Y0yf085wKhocrJSi/jhz56NwDAWi0iEUscgzbA0oGWVEWwsvQ8lrt7Kn7QmnQ7hailDgC8MJsE2Nqf+gKjYolV7W9xz/5w6z7iPwGc+/N3bqwuZGTNvQExnh0jhR6+//wLDu/t3zZAJgauTT/i6txjgLgP8E1Ic29gJBs6oQi1L7/aNkAmBp683QBs0xG6PkBTBtVBpKFwOkaVpc237QFcHP6UkUIPItaQiL16D5G4IYihvHy8PMonhZ5tA7Sk4atGnbsrS2Ra0eZIhGRdlNFduzm4p7ht41sCvO/R9TrQdYAtC1E7Y2J5kR+XZxGfIdLa1K4bw7HBEuf2VzoLMLEyzzd/TbmPUrZwhZqkr6rw68wfvDS1zgbh2G8P+Lm6Hhv3tcSncoFsgeuTXGdj4MxQGWmqln4uqdP7calU6Xwa/vRsiVtPFwhSfYH3faQQiP1ze/zjIU6Vyjt1YAeAfwEhypX7ku7g2QAAAABJRU5ErkJggg==",
+	"height": 25,
+	"width": 120
+}

x-pack/plugins/ml/server/models/data_recognizer/modules/apm_transaction/manifest.json

@@ -0,0 +1,37 @@
+{
+  "id": "apm_transaction",
+  "title": "APM",
+  "description": "Detect anomalies in high mean of transaction duration",
+  "type": "Transaction data",
+  "logoFile": "logo.json",
+  "defaultIndexPattern": "apm-*",
+  "query": {
+    "bool": {
+      "filter": [
+        {
+          "term": {
+            "processor.name": "transaction"
+          }
+        },
+        {
+          "term": {
+            "processor.event": "transaction"
+          }
+        }
+      ]
+    }
+  },
+  "jobs": [
+    {
+      "id": "high_mean_response_time",
+      "file": "high_mean_response_time.json"
+    }
+  ],
+  "datafeeds": [
+    {
+      "id": "datafeed-high_mean_response_time",
+      "file": "datafeed_high_mean_response_time.json",
+      "job_id": "high_mean_response_time"
+    }
+  ]
+}

x-pack/plugins/ml/server/models/data_recognizer/modules/apm_transaction/ml/datafeed_high_mean_response_time.json

@@ -0,0 +1,25 @@
+{
+  "job_id": "JOB_ID",
+  "indexes": [
+    "INDEX_PATTERN_NAME"
+  ],
+  "types": [],
+  "query": {
+    "match": {
+      "processor.event": {
+        "query": "transaction",
+        "operator": "OR",
+        "prefix_length": 0,
+        "max_expansions": 50,
+        "fuzzy_transpositions": true,
+        "lenient": false,
+        "zero_terms_query": "NONE",
+        "auto_generate_synonyms_phrase_query": true,
+        "boost": 1
+      }
+    }
+  },
+  "chunking_config": {
+    "mode": "auto"
+  }
+}

x-pack/plugins/ml/server/models/data_recognizer/modules/apm_transaction/ml/high_mean_response_time.json

@@ -0,0 +1,29 @@
+{
+  "job_type": "anomaly_detector",
+  "groups": [
+    "apm"
+  ],
+  "description": "Detect anomalies in high mean of transaction duration",
+  "analysis_config": {
+    "bucket_span": "15m",
+    "detectors": [
+      {
+        "detector_description": "high_mean(\"transaction.duration.us\")",
+        "function": "high_mean",
+        "field_name": "transaction.duration.us",
+        "rules": []
+      }
+    ],
+    "influencers": []
+  },
+  "analysis_limits": {
+    "model_memory_limit": "10mb"
+  },
+  "data_description": {
+    "time_field": "@timestamp"
+  },
+  "model_plot_config": {
+    "enabled": true
+  },
+  "model_snapshot_retention_days": 1
+}