From 755e23bfc362af985fe314d5378b2e9850c4c621 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Istv=C3=A1n=20Zolt=C3=A1n=20Szab=C3=B3?= Date: Wed, 20 Mar 2024 16:21:33 +0100 Subject: [PATCH] [DOCS] Updates SMV limitation (#2672) * [DOCS] Updates SMV limitation. * [DOCS] Addresses feedback. (cherry picked from commit dd7c1259430f2edee6733193d684d63393fdae1f) --- .../anomaly-detection/ml-limitations.asciidoc | 57 ++++++++++++++----- 1 file changed, 43 insertions(+), 14 deletions(-) diff --git a/docs/en/stack/ml/anomaly-detection/ml-limitations.asciidoc b/docs/en/stack/ml/anomaly-detection/ml-limitations.asciidoc index aea836da4..850f11096 100644 --- a/docs/en/stack/ml/anomaly-detection/ml-limitations.asciidoc +++ b/docs/en/stack/ml/anomaly-detection/ml-limitations.asciidoc @@ -262,24 +262,53 @@ that it does not block pop-up windows or create an exception for your {kib} URL. //See x-pack-elasticsearch/#844 and x-pack-kibana/#1461 In {kib}, **Anomaly Explorer** and **Single Metric Viewer** charts are not -displayed for anomalies that were due to categorization (if model plot is not -enabled), `time_of_day` functions, `time_of_week` functions, or `lat_long` -geographic functions. - -If model plot is not enabled, the charts are not displayed for detectors that -use script fields either (except for scripts that define metric fields). In that -case, the original source data cannot be easily searched because it has been -transformed by the script. - -If your <> and -model plot is not enabled for the {anomaly-job}, neither the **Anomaly -Explorer** nor the **Single Metric Viewer** can plot and display an anomaly -chart for the job. In these cases, the charts are not visible and an explanatory -message is shown. +displayed: + +* for anomalies that were due to categorization (if model plot is not +enabled), +* if the {dfeed} uses scripted fields and model plot is not enabled (except +for scripts that define metric fields), +* if the {dfeed} uses +{ref}/search-aggregations-bucket-composite-aggregation.html[composite aggregations] +that have composite sources other than `terms` and `date_histogram`, +* if your <> and +model plot is not enabled, +* `freq_rare` functions, +* `info_content`, `high_info_content`, `low_info_content` functions, +* `lat_long` geographic functions +* `time_of_day`, `time_of_week` functions, +* `varp`, `high_varp`, `low_varp` functions. + +Refer to the table below for a more detailed view of supported detector +functions. The charts can also look odd in circumstances where there is very little data to plot. For example, if there is only one data point, it is represented as a single dot. If there are only two data points, they are joined by a line. +The following table shows which detector functions are supported in the Single +Metric Viewer. + +.Detector function support in the Anomaly Explorer and the Single Metric Viewer +[options="header"] +|=================================================================================================================================================================================================== +| Detector functions | Function description | Supported +| count, high_count, low_count, non_zero_count, low_non_zero_count | <> | yes +| count, high_count, low_count, non_zero_count, low_non_zero_count with summary_count_field_name that is not doc_count (model plot not enabled)| <> | yes +| non_zero_count with summary_count_field that is not doc_count using cardinality aggregation in datafeed config (model plot not enabled) | <> | yes +| distinct_count, high_distinct_count, low_distinct_count | <> | yes +| mean, high_mean, low_mean | <> | yes +| min | <> | yes +| max | <> | yes +| metric | <> | yes +| median, high_median, low_median | <> | yes +| sum, high_sum ,low_sum, non_null_sum, high_non_null_sum, low_non_null_sum | <> | yes +| varp, high_varp, low_varp | <> | yes (only if model plot is enabled) +| lat_long | <> | no (but map is displayed in the Anomaly Explorer) +| info_content, high_info_content, low_info_content | <> | yes (only if model plot is enabled) +| rare | <> | yes +| freq_rare | <> | no +| time_of_day, time_of_week | <> | no +|=================================================================================================================================================================================================== [discrete]