[8.13] [DOCS] Updates SMV limitation (backport #2672) #2673

Merged
merged 1 commit into from
Mar 20, 2024
57 changes: 43 additions & 14 deletions docs/en/stack/ml/anomaly-detection/ml-limitations.asciidoc
Expand Up @@ -262,24 +262,53 @@ that it does not block pop-up windows or create an exception for your {kib} URL.
//See x-pack-elasticsearch/#844 and x-pack-kibana/#1461

In {kib}, **Anomaly Explorer** and **Single Metric Viewer** charts are not
displayed for anomalies that were due to categorization (if model plot is not
enabled), `time_of_day` functions, `time_of_week` functions, or `lat_long`
geographic functions.

If model plot is not enabled, the charts are not displayed for detectors that
use script fields either (except for scripts that define metric fields). In that
case, the original source data cannot be easily searched because it has been
transformed by the script.

If your <<aggs-dfeeds,{dfeed} uses aggregations with nested `terms` aggs>> and
model plot is not enabled for the {anomaly-job}, neither the **Anomaly
Explorer** nor the **Single Metric Viewer** can plot and display an anomaly
chart for the job. In these cases, the charts are not visible and an explanatory
message is shown.
displayed:

* for anomalies that were due to categorization (if model plot is not
enabled),
* if the {dfeed} uses scripted fields and model plot is not enabled (except
for scripts that define metric fields),
* if the {dfeed} uses
{ref}/search-aggregations-bucket-composite-aggregation.html[composite aggregations]
that have composite sources other than `terms` and `date_histogram`,
* if your <<aggs-dfeeds,{dfeed} uses aggregations with nested `terms` aggs>> and
model plot is not enabled,
* `freq_rare` functions,
* `info_content`, `high_info_content`, `low_info_content` functions,
* `lat_long` geographic functions
* `time_of_day`, `time_of_week` functions,
* `varp`, `high_varp`, `low_varp` functions.

Refer to the table below for a more detailed view of supported detector
functions.

The charts can also look odd in circumstances where there is very little data to
plot. For example, if there is only one data point, it is represented as a
single dot. If there are only two data points, they are joined by a line.
The following table shows which detector functions are supported in the Single
Metric Viewer.

.Detector function support in the Anomaly Explorer and the Single Metric Viewer
[options="header"]
|===================================================================================================================================================================================================
| Detector functions | Function description | Supported
| count, high_count, low_count, non_zero_count, low_non_zero_count | <<ml-count-functions, Count functions>> | yes
| count, high_count, low_count, non_zero_count, low_non_zero_count with summary_count_field_name that is not doc_count (model plot not enabled)| <<ml-count-functions, Count functions>> | yes
| non_zero_count with summary_count_field that is not doc_count using cardinality aggregation in datafeed config (model plot not enabled) | <<ml-count-functions, Count functions>> | yes
| distinct_count, high_distinct_count, low_distinct_count | <<ml-count-functions, Count functions>> | yes
| mean, high_mean, low_mean | <<ml-metric-mean>> | yes
| min | <<ml-metric-min>> | yes
| max | <<ml-metric-max>> | yes
| metric | <<ml-metric-metric>> | yes
| median, high_median, low_median | <<ml-metric-median>> | yes
| sum, high_sum ,low_sum, non_null_sum, high_non_null_sum, low_non_null_sum | <<ml-sum-functions, Sum functions>> | yes
| varp, high_varp, low_varp | <<ml-metric-varp>> | yes (only if model plot is enabled)
| lat_long | <<ml-lat-long>> | no (but map is displayed in the Anomaly Explorer)
| info_content, high_info_content, low_info_content | <<ml-info-content>> | yes (only if model plot is enabled)
| rare | <<ml-rare>> | yes
| freq_rare | <<ml-freq-rare>> | no
| time_of_day, time_of_week | <<ml-time-functions, Time functions>> | no
|===================================================================================================================================================================================================


[discrete]
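
Review bot: The new bullet list says charts are not displayed for `varp`, `high_varp`, `low_varp` and for `info_content`, `high_info_content`, `low_info_content` functions without any condition, but the table added in the same hunk marks both groups "yes (only if model plot is enabled)". Qualify those two bullets with "if model plot is not enabled" so the list and the table agree. In the same list, the `lat_long` item is missing the trailing comma the other items carry, and the function items drop the "for" that the first item uses, so they do not read on from "displayed:". The sentence introducing the table names only the Single Metric Viewer while the table title also covers the Anomaly Explorer, and it repeats the earlier "Refer to the table below" sentence; keep one of the two and align it with the title. In the table, the setting is written `summary_count_field` in the third row but `summary_count_field_name` in the second, so use one spelling, and `high_sum ,low_sum` has a misplaced comma.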