[ML] Improve processing of job groups in data recognizer wizard #48515

peteharverson · 2019-10-17T12:27:03Z

Currently when creating anomaly detection jobs from a module in the data recognizer wizard, each job ends up with all of the groups referenced across all the jobs in the module. The processing of the groups should be changed so that only the group(s) assigned in the job configuration file are added to the job, with an extra control added to the wizard to optionally override the groups defined in the module so that, for example, an extra group can be added to the jobs.

For example, in the siem_auditbeat module, the linux_anomalous_process_all_hosts_ecs job is put into groups

  "groups": [
    "siem",
    "auditbeat",
    "process"
  ],

in the job configuration file, but after creation of the job in the wizard, is also placed in the network group which is used by other jobs in the module:

The text was updated successfully, but these errors were encountered:

elasticmachine · 2019-10-17T12:27:05Z

Pinging @elastic/ml-ui (:ml)

peteharverson added enhancement New value added to drive a business result :ml Feature:Anomaly Detection ML anomaly detection v7.6.0 labels Oct 17, 2019

peteharverson assigned darnautov Oct 21, 2019

darnautov mentioned this issue Oct 25, 2019

[ML] Improve processing of groups in data recognizer wizard #49310

Merged

5 tasks

darnautov closed this as completed in #49310 Oct 31, 2019

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[ML] Improve processing of job groups in data recognizer wizard #48515

[ML] Improve processing of job groups in data recognizer wizard #48515

peteharverson commented Oct 17, 2019

elasticmachine commented Oct 17, 2019

[ML] Improve processing of job groups in data recognizer wizard #48515

[ML] Improve processing of job groups in data recognizer wizard #48515

Comments

peteharverson commented Oct 17, 2019

elasticmachine commented Oct 17, 2019