From 1f2658c1ed72567a7bd2bdea3cade232617712cc Mon Sep 17 00:00:00 2001
From: Lisa Cawley
Date: Mon, 7 Mar 2022 07:49:50 -0800
Subject: [PATCH] Add ML modules to Nginx readme (#2662)
---
 packages/nginx/_dev/build/docs/README.md | 19 +++++++++++++++++++
 packages/nginx/changelog.yml | 5 +++++
 packages/nginx/docs/README.md | 19 +++++++++++++++++++
 packages/nginx/manifest.yml | 2 +-
 4 files changed, 44 insertions(+), 1 deletion(-)
diff --git a/packages/nginx/_dev/build/docs/README.md b/packages/nginx/_dev/build/docs/README.md
index 31cb9d66f651..4fa5306e079c 100644
--- a/packages/nginx/_dev/build/docs/README.md
+++ b/packages/nginx/_dev/build/docs/README.md
@@ -59,3 +59,22 @@ It's highly recommended to replace `127.0.0.1` with your server’s IP address a
 {{event "stubstatus"}}
 
 {{fields "stubstatus"}}
+
+## ML Modules
+
+These anomaly detection jobs are available in the Machine Learning app in Kibana
+when you have data that matches the query specified in the
+[manifest](https://github.com/elastic/integrations/blob/main/packages/nginx/kibana/ml_module/nginx-Logs-ml.json).
+
+### Nginx access logs
+
+Find unusual activity in HTTP access logs.
+
+| Job | Description |
+|---|---|
+| visitor_rate_nginx | HTTP Access Logs: Detect unusual visitor rates |
+| status_code_rate_nginx | HTTP Access Logs: Detect unusual status code rates |
+| source_ip_url_count_nginx | HTTP Access Logs: Detect unusual source IPs - high distinct count of URLs |
+| source_ip_request_rate_nginx | HTTP Access Logs: Detect unusual source IPs - high request rates |
+| low_request_rate_nginx | HTTP Access Logs: Detect low request rates |
+
diff --git a/packages/nginx/changelog.yml b/packages/nginx/changelog.yml
index 03746542d338..66da811f094c 100644
--- a/packages/nginx/changelog.yml
+++ b/packages/nginx/changelog.yml
@@ -1,4 +1,9 @@
 # newer versions go on top
+- version: "1.3.1"
+ changes:
+ - description: Add ML modules to readme
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/2662
 - version: "1.3.0"
 changes:
 - description: Update to ECS 8.0
diff --git a/packages/nginx/docs/README.md b/packages/nginx/docs/README.md
index 301a3d1f42d6..27c9a37e80c2 100644
--- a/packages/nginx/docs/README.md
+++ b/packages/nginx/docs/README.md
@@ -519,3 +519,22 @@ An example event for `stubstatus` looks as following:
 | service.address | Address where data about this service was collected from. This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets). | keyword |
 | service.type | The type of the service data is collected from. The type can be used to group and correlate logs and metrics from one service type. Example: If logs or metrics are collected from Elasticsearch, `service.type` would be `elasticsearch`. | keyword |
 
+
+## ML Modules
+
+These anomaly detection jobs are available in the Machine Learning app in Kibana
+when you have data that matches the query specified in the
+[manifest](https://github.com/elastic/integrations/blob/main/packages/nginx/kibana/ml_module/nginx-Logs-ml.json).
+
+### Nginx access logs
+
+Find unusual activity in HTTP access logs.
+
+| Job | Description |
+|---|---|
+| visitor_rate_nginx | HTTP Access Logs: Detect unusual visitor rates |
+| status_code_rate_nginx | HTTP Access Logs: Detect unusual status code rates |
+| source_ip_url_count_nginx | HTTP Access Logs: Detect unusual source IPs - high distinct count of URLs |
+| source_ip_request_rate_nginx | HTTP Access Logs: Detect unusual source IPs - high request rates |
+| low_request_rate_nginx | HTTP Access Logs: Detect low request rates |
+
diff --git a/packages/nginx/manifest.yml b/packages/nginx/manifest.yml
index 84579a3bc0a8..992b31332fa7 100644
--- a/packages/nginx/manifest.yml
+++ b/packages/nginx/manifest.yml
@@ -1,7 +1,7 @@
 format_version: 1.0.0
 name: nginx
 title: Nginx
-version: 1.3.0
+version: 1.3.1
 license: basic
 description: Collect logs and metrics from Nginx HTTP servers with Elastic Agent.
 type: integration