Apache anomaly detection configurations
These anomaly detection job wizards appear in Kibana if you use the Apache integration in Fleet or you use Filebeat to ship access logs from your Apache HTTP servers to Elasticsearch. The jobs assume that you use fields and data types from the Elastic Common Schema (ECS).
These anomaly detection jobs find unusual activity in HTTP access logs.
For more details, see the datafeed and job definitions in GitHub. Note that these jobs are available in Kibana only if data exists that matches the query specified in the manifest file.
Name | Description | Job (JSON) | Datafeed |
---|---|---|---|
low_request_rate_apache | Detects low request rates. | code | code |
source_ip_request_rate_apache | Detects unusual source IPs - high request rates. | code | code |
source_ip_url_count_apache | Detects unusual source IPs - high distinct count of URLs. | code | code |
status_code_rate_apache | Detects unusual status code rates. | code | code |
visitor_rate_apache | Detects unusual visitor rates. | code | code |
These legacy anomaly detection jobs find unusual activity in HTTP access logs. For the latest versions, install the Apache integration in Fleet; see Apache access logs.
For more details, see the datafeed and job definitions in GitHub.
These configurations are only available if data exists that matches the recognizer query specified in the manifest file.
Name | Description | Job (JSON) | Datafeed |
---|---|---|---|
low_request_rate_ecs | Detects low request rates (ECS). | code | code |
source_ip_request_rate_ecs | Detects unusual source IPs - high request rates (ECS). | code | code |
source_ip_url_count_ecs | Detects unusual source IPs - high distinct count of URLs (ECS). | code | code |
status_code_rate_ecs | Detects unusual status code rates (ECS). | code | code |
visitor_rate_ecs | Detects unusual visitor rates (ECS). | code | code |