Skip to content

Commit

Permalink
Fix paths in serverless procedures (#4579)
Browse files Browse the repository at this point in the history
* Fix paths in serverless procedures

* Make docs match menu capitalization

(cherry picked from commit 26b6a2f)

# Conflicts:
#	docs/en/serverless/alerting/aiops-generate-anomaly-alerts.asciidoc
#	docs/en/serverless/alerting/create-inventory-threshold-alert-rule.asciidoc
#	docs/en/serverless/apm/apm-integrate-with-machine-learning.asciidoc
#	docs/en/serverless/infra-monitoring/analyze-hosts.asciidoc
#	docs/en/serverless/infra-monitoring/configure-infra-settings.asciidoc
#	docs/en/serverless/infra-monitoring/detect-metric-anomalies.asciidoc
#	docs/en/serverless/infra-monitoring/get-started-with-metrics.asciidoc
#	docs/en/serverless/infra-monitoring/view-infrastructure-metrics.asciidoc
#	docs/en/serverless/machine-learning/aiops-analyze-spikes.asciidoc
#	docs/en/serverless/machine-learning/aiops-detect-anomalies.asciidoc
#	docs/en/serverless/machine-learning/aiops-detect-change-points.asciidoc
#	docs/en/serverless/machine-learning/aiops-tune-anomaly-detection-job.asciidoc
#	docs/en/serverless/observability-overview.asciidoc
#	docs/en/serverless/reference/metrics-app-fields.asciidoc
  • Loading branch information
dedemorton authored and mergify[bot] committed Nov 26, 2024
1 parent 798763f commit 68bf414
Show file tree
Hide file tree
Showing 17 changed files with 2,123 additions and 3 deletions.
2 changes: 1 addition & 1 deletion docs/en/observability/monitor-infra/analyze-hosts.asciidoc
Original file line number Diff line number Diff line change
Expand Up @@ -197,7 +197,7 @@ The host details overlay contains the following tabs:

include::host-details-partial.asciidoc[]

NOTE: The metrics shown on the **Hosts** page are also available when viewing hosts on the **Inventory** page.
NOTE: The metrics shown on the **Hosts** page are also available when viewing hosts on the **Infrastructure inventory** page.

[discrete]
[[analyze-hosts-why-dashed-lines]]
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -17,7 +17,7 @@ The {infrastructure-app} provides a few different views of your data.

[cols="1,1"]
|===
| **Inventory**
| **Infrastructure inventory**
|Provides a metrics-driven view of your entire infrastructure grouped by the resources that you are monitoring.

<<view-infrastructure-metrics,Learn more about the Inventory page > >>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -15,7 +15,7 @@ Refer to the following sections for more on viewing your data.
To view the performance and health metrics collected by {agent},
find **Infrastructure** in the main menu or use the {kibana-ref}/introduction.html#kibana-navigation-search[global search field].

On the **Inventory** page, you can switch between different views to see an
On the **Infrastructure inventory** page, you can switch between different views to see an
overview of the containers and pods running on Kubernetes:

[role="screenshot"]
Expand Down
197 changes: 197 additions & 0 deletions docs/en/serverless/alerting/aiops-generate-anomaly-alerts.asciidoc
Original file line number Diff line number Diff line change
@@ -0,0 +1,197 @@
[[observability-aiops-generate-anomaly-alerts]]
= Create an anomaly detection rule

// :description: Get alerts when anomalies match specific conditions.
// :keywords: serverless, observability, how-to

++++
<titleabbrev>Anomaly detection</titleabbrev>
++++

:role: Editor
:goal: create anomaly detection rules
include::../partials/roles.asciidoc[]
:role!:

:goal!:

:feature: Anomaly detection alerting
include::../partials/feature-beta.asciidoc[]
:feature!:

Create an anomaly detection rule to check for anomalies in one or more anomaly detection jobs.
If the conditions of the rule are met, an alert is created, and any actions specified in the rule are triggered.
For example, you can create a rule to check every fifteen minutes for critical anomalies and then alert you by email when they are detected.

To create an anomaly detection rule:

. In your {obs-serverless} project, go to **Machine learning** → **Jobs**.
. In the list of anomaly detection jobs, find the job you want to check for anomalies.
Haven't created a job yet? <<observability-aiops-detect-anomalies,Create one now>>.
. From the **Actions** menu next to the job, select **Create alert rule**.
. Specify a name and optional tags for the rule. You can use these tags later to filter alerts.
. Verify that the correct job is selected and configure the alert details:
+
[role="screenshot"]
image::images/anomaly-detection-alert.png[Anomaly detection alert settings ]
. For the result type:
+
|===
| Choose... | To generate an alert based on...

| **Bucket**
| How unusual the anomaly was within the bucket of time

| **Record**
| What individual anomalies are present in a time range

| **Influencer**
| The most unusual entities in a time range
|===
. Adjust the **Severity** to match the anomaly score that will trigger the action.
The anomaly score indicates the significance of a given anomaly compared to previous anomalies.
The default severity threshold is 75, which means every anomaly with an anomaly score of 75 or higher will trigger the associated action.
. (Optional) Turn on **Include interim results** to include results that are created by the anomaly detection job _before_ a bucket is finalized. These results might disappear after the bucket is fully processed.
Include interim results if you want to be notified earlier about a potential anomaly even if it might be a false positive.
. (Optional) Expand and change **Advanced settings**:
+
|===
| Setting | Description

| **Lookback interval**
| The interval used to query previous anomalies during each condition check. Setting the lookback interval lower than the default value might result in missed anomalies.

| **Number of latest buckets**
| The number of buckets to check to obtain the highest anomaly from all the anomalies that are found during the Lookback interval. An alert is created based on the anomaly with the highest anomaly score from the most anomalous bucket.
|===
. (Optional) Under **Check the rule condition with an interval**, specify an interval, then click **Test** to check the rule condition with the interval specified.
The button is grayed out if the datafeed is not started.
To test the rule, start the data feed.
. (Optional) If you want to change how often the condition is evaluated, adjust the **Check every** setting.
. (Optional) Set up **Actions**.
. **Save** your rule.

[NOTE]
====
Anomaly detection rules are defined as part of a job.
Alerts generated by these rules do not appear on the **Alerts** page.
====

[discrete]
[[observability-aiops-generate-anomaly-alerts-add-actions]]
== Add actions

You can extend your rules with actions that interact with third-party systems, write to logs or indices, or send user notifications. You can add an action to a rule at any time. You can create rules without adding actions, and you can also define multiple actions for a single rule.

To add actions to rules, you must first create a connector for that service (for example, an email or external incident management system), which you can then use for different rules, each with their own action frequency.

.Connector types
[%collapsible]
=====
Connectors provide a central place to store connection information for services and integrations with third party systems.
The following connectors are available when defining actions for alerting rules:
include::./alerting-connectors.asciidoc[]
For more information on creating connectors, refer to <<action-connectors,Connectors>>.
=====

.Action frequency
[%collapsible]
=====
After you select a connector, you must set the action frequency. You can choose to create a **Summary of alerts** on each check interval or on a custom interval. For example, you can send email notifications that summarize the new, ongoing, and recovered alerts every twelve hours.
Alternatively, you can set the action frequency to **For each alert** and specify the conditions each alert must meet for the action to run. For example, you can send an email only when alert status changes to critical.
[role="screenshot"]
image::images/alert-action-frequency.png[Configure when a rule is triggered]
With the **Run when** menu you can choose if an action runs when the the anomaly score matched the condition or was recovered. For example, you can add a corresponding action for each state to ensure you are alerted when the anomaly score was matched and also when it recovers.
[role="screenshot"]
image::images/alert-anomaly-action-frequency-recovered.png[Choose between anomaly score matched condition or recovered]
=====

.Action variables
[%collapsible]
=====
Use the default notification message or customize it.
You can add more context to the message by clicking the Add variable icon image:images/icons/indexOpen.svg[Add variable] and selecting from a list of available variables.
[role="screenshot"]
image::images/action-variables-popup.png[Action variables list]
The following variables are specific to this rule type.
You can also specify {kibana-ref}/rule-action-variables.html[variables common to all rules].
`context.anomalyExplorerUrl`::
URL to open in the Anomaly Explorer.
`context.isInterim`::
Indicate if top hits contain interim results.
`context.jobIds`::
List of job IDs that triggered the alert.
`context.message`::
Alert info message.
`context.score`::
Anomaly score at the time of the notification action.
`context.timestamp`::
The bucket timestamp of the anomaly.
`context.timestampIso8601`::
The bucket timestamp of the anomaly in ISO8601 format.
`context.topInfluencers`::
The list of top influencers. Properties include:
+
`influencer_field_name`:::
The field name of the influencer.
`influencer_field_value`:::
The entity that influenced, contributed to, or was to blame for the anomaly.
`score`:::
The influencer score. A normalized score between 0-100 which shows the influencer’s overall contribution to the anomalies.
`context.topRecords`::
The list of top records. Properties include:
+
`actual`:::
The actual value for the bucket.
`by_field_value`:::
The value of the by field.
`field_name`:::
Certain functions require a field to operate on, for example, `sum()`. For those functions, this value is the name of the field to be analyzed.
`function`:::
The function in which the anomaly occurs, as specified in the detector configuration. For example, `max`.
`over_field_name`:::
The field used to split the data.
`partition_field_value`:::
The field used to segment the analysis.
`score`:::
A normalized score between 0-100, which is based on the probability of the anomalousness of this record.
`typical`:::
The typical value for the bucket, according to analytical modeling.
=====

[discrete]
[[observability-aiops-generate-anomaly-alerts-edit-an-anomaly-detection-rule]]
== Edit an anomaly detection rule

To edit an anomaly detection rule:

. In your {obs-serverless} project, go to **Machine learning** → **Jobs**.
. Expand the job that uses the rule you want to edit.
. On the **Job settings** tab, under **Alert rules**, click the rule to edit it.
Loading

0 comments on commit 68bf414

Please sign in to comment.