Anomaly detection in Machine learning kibana – Kibana

With ML categorization jobs you still do an anomaly detection as well as a categorization. Usually this would use a function of the category ID. It’s almost always rare by mlcategory or count by mlcategory, and since you don’t know which you’ve got it must be one of these that’s been added by the categorization wizard. You can find out by looking at the job configuration in the ML jobs list.

If it’s count by mlcategory then your typical and actual will be how many categories of Payload typically and actually occur per time bucket. If it’s rare by mlcategory then typical will be the probability of seeing that category in a typical bucket.

You can see the category definitions without the anomaly information using the Get Categories API.