Practice - 5 Tasks
Answer the questions below
Task 1 - fill in blank (easy)
Complete the code to create an anomaly detection job with a unique ID.
Elasticsearch
PUT _ml/anomaly_detectors/[1]
{
  "description": "Detect anomalies in web traffic",
  "analysis_config": {
    "bucket_span": "15m",
    "detectors": [{ "function": "mean", "field_name": "response_time" }]
  },
  "data_description": { "time_field": "timestamp" }
}
Common Mistakes
Using reserved keywords like 'create_job' as the job ID.
Including spaces or special characters in the job ID.
Answer
The job ID must be a unique string identifier. 'web_traffic_anomaly' is a valid and descriptive ID.
Task 2 - fill in blank (medium)
Complete the code to start the datafeed for the anomaly detection job.
Elasticsearch
POST _ml/datafeeds/datafeed-[1]/_start
Common Mistakes
Using a datafeed name that does not match the job ID.
Starting the datafeed before creating the job.
Answer
The datafeed name must match the job ID it feeds data to, prefixed with 'datafeed-'.
Task 3 - fill in blank (hard)
Fix the error in the anomaly detection job creation by completing the missing field name.
Elasticsearch
PUT _ml/anomaly_detectors/web_traffic_anomaly
{
  "analysis_config": {
    "bucket_span": "15m",
    "detectors": [{ "function": "mean", "field_name": "[1]" }]
  },
  "data_description": { "time_field": "timestamp" }
}
Common Mistakes
Using 'timestamp' as a field to analyze, which is a time field.
Using categorical fields like 'user_id' or 'status_code' for mean function.
Answer
The detector analyzes the mean of the 'response_time' field to find anomalies in response times.
Task 4 - fill in blank (hard)
Fill both blanks to filter the data for anomaly detection so that it only includes status code 500 errors.
Elasticsearch
PUT _ml/anomaly_detectors/error_500_anomaly
{
  "analysis_config": {
    "bucket_span": "10m",
    "detectors": [{ "function": "count", "by_field_name": "[1]" }]
  },
  "data_description": {
    "time_field": "timestamp",
    "filter": { "term": { "[2]": 500 } }
  }
}
Common Mistakes
Using different fields for grouping and filtering.
Filtering on a field that is not numeric or relevant.
Answer
The detector groups counts by 'status_code' and filters data where 'status_code' equals 500.
Task 5 - fill in blank (hard)
Fill all three blanks to create a job that detects high average CPU usage by host.
Elasticsearch
PUT _ml/anomaly_detectors/cpu_usage_anomaly
{
  "description": "Detect high CPU usage",
  "analysis_config": {
    "bucket_span": "5m",
    "detectors": [{ "function": "mean", "field_name": "[1]", "by_field_name": "[2]" }]
  },
  "data_description": { "time_field": "[3]" }
}
Common Mistakes
Using memory usage instead of CPU percent for CPU anomaly detection.
Using an incorrect time field name.
Answer
The job calculates the mean of 'cpu_percent' grouped by 'host.name' over time using 'timestamp' as the time field.