Working with Machine Learning

Elastic Search's machine learning features can be useful when applied to exported ECM data. By visualizing patterns and anomalies in the data, you can tweak the system configuration for better performance and possibly find the root causes of certain issues. ECM can deploy pre-configured Machine Learning jobs to Elastic Search; the only prerequisites are a working ES cluster and a configured ES connector in ECM. Please refer to the Elastic Search Connector and Machine Learning documentation for further information.

To access and use the Machine Learning feature:

  1. Click the Machine Learning tab.
  2. Pick an Elastic Search connector. You can use the adjacent link to view machine learning jobs in Kibana.
  3. Select a date range. The selected date range will be used to filter alerts based on the Last Occurred timestamp.
  4. Deploy one of the following machine learning jobs: Event Floods, Connector Split Type, or Audit Analysis.

    ECM will create a pre-configured Machine Learning job in Elastic Search and export the relevant alerts to an index that feeds the job. Note that the alerts will only be exported once unless you manually re-deploy the job. If you want to analyze your data further, you can create custom Machine Learning jobs in Elastic Search and feed them data exported through ECM's Data Export utility.
  5. Click Deploy.