Table of contents
| General | ||
|---|---|---|
| Key parameter | Possible values | Note |
| log_verbosity | 0-5 |
|
| log_level | CRITICAL, ERROR, WARNING, INFO, DEBUG |
|
| log_file | Path to file | |
| es_wipe_all_existing_outliers | 0, 1 |
|
| es_wipe_all_whitelisted_outliers | 0, 1 |
|
| print_outliers_to_console | 0, 1 |
|
| es_url | URL to connect to ES | |
| es_timeout | Integer | |
| timestamp_field | Any document field | |
| history_window_days | Integer | |
| history_window_hours | Integer | |
| es_scan_size | Integer | |
| es_scroll_time | Time (format [integer][letter] where letter represent a duration (Hours, Minutes, Seconds)) | |
| es_index_pattern | String | |
| es_save_results | 0, 1 |
|
| run_models | 0, 1 |
|
| test_models | 0, 1 |
|
| train_models | 0, 1 |
|
TODO: write about notifier
To have more information about the configuration of one analyzer, visit the page Building detection use cases .
| All analyzers | ||
|---|---|---|
| Key parameter | Possible values | Note |
| es_query_filter | Any valid Elasticsearch query | Mandatory |
| es_dsl_filter | Any valid filter | |
| timestamp_field | Any document key | |
| history_window_days | integer |
|
| history_window_hours | integer |
|
| should_notify | 0, 1 |
|
| use_derived_fields | 0, 1 |
|
| es_index | Any string | |
| outlier_type | Any string | Mandatory |
| outlier_reason | Any string | Mandatory |
| outlier_summary | Any string | Mandatory |
| run_model | 0, 1 |
Mandatory |
| test_model | 0, 1 |
Mandatory |
Any other parameters that are not used by the model will be automatically copy to the outlier parameter. More information here.
The following parameters could be used for analyzers terms and metrics.
| Usual model parameters (Terms, Metrics) | ||
|---|---|---|
| Key parameter | Possible values | Note |
| trigger_on | low, high |
|
| trigger_method | percentile, pct_of_max_value, pct_of_median_value, pct_of_avg_value, mad, madpos, stdev, float, coeff_of_variation |
coeff_of_variation is only adapt for Terms with target_count_method set on within_aggregator |
| trigger_sensitivity | 0-100, 0-Inf. |
|
| process_documents_chronologically | 0, 1 |
Default: 0 |
| target | Any document field | Mandatory |
| aggregator | List of any document field(s) | Mandatory |
| Metrics | ||
|---|---|---|
| Key parameter | Possible values | Note |
| metric | length, numerical_value, entropy, base64_encoded_length, hex_encoded_length, url_length, relative_english_entropy |
Mandatory |
| Terms | ||
|---|---|---|
| Key parameter | Possible values | Note |
| target_count_method | within_aggregator, across_aggregators |
Mandatory |
| min_target_buckets | 0, 1 |
Only with the target_count_method set on within_aggregator |
machine_learning tensorflow_log_level