Detect problematic spans and identify user agents that are potentially causing issues.

These jobs are applicable to data from Elastic APM RUM JavaScript Agents (where

`agent.name` is `js-base`).

Copy the contents of the appropriate *.json file into the

[create anomaly detection jobs API](https://www.elastic.co/guide/en/elasticsearch/reference/8.0/ml-put-job.html) in the Kibana Dev Console. For example:

* `abnormal_span_durations_jsbase.json`: Models the duration of spans. Detects spans that are taking longer than usual to process.

* `anomalous_error_rate_for_user_agents_jsbase.json`: Models the error rate of user agents. Detects user agents that are encountering errors at an above normal rate. This job can help detect browser compatibility issues.

* `decreased_throughput_jsbase.json`: Models the transaction rate of the application. Detects periods during which the application is processing fewer requests than normal.

* `high_count_by_user_agent_jsbase.json`: Models the request rate of user agents. Detects user agents that are making requests at a suspiciously high rate. This job is useful in identifying bots.

For more information about anomaly detection and running machine learning jobs,

refer to [Finding anomalies](https://www.elastic.co/guide/en/machine-learning/8.0/ml-ad-finding-anomalies.html).

{

"groups": [

"apm"

],

"description": "APM JSBase: Looks for spans that are taking longer than usual to process.",

"analysis_config": {

"bucket_span": "15m",

"detectors": [

{

"detector_description": "increased span duration",

"function": "high_mean",

"field_name": "span.duration.us",

"partition_field_name": "span.type"

}

],

"influencers": [

"span.type",

"trace.id",

"span.name",

"service.name"

]

},

"allow_lazy_open": true,

"analysis_limits": {

"model_memory_limit": "128mb"

},

"data_description": {

"time_field": "@timestamp"

},

"custom_settings": {

"created_by": "ml-module-apm-jsbase",

"custom_urls": [

{

"url_name": "APM",

"time_range": "2h",

"url_value": "apm#/traces?rangeFrom=$earliest$&rangeTo=$latest$&kuery=trace.id:\"$trace.id$\"&_g=()"

}

]

},

"datafeed_config": {

"indices": [

"apm-*"

],

"max_empty_searches": 10,

"query": {

"bool": {

"must": [

{ "bool": { "filter": { "term": { "agent.name": "js-base" } } } },

{ "bool": { "filter": { "term": { "processor.event": "span" } } } }

]

}

}

}

}

{

"groups": [

"apm"

],

"description": "APM JSBase: Detects user agents that are encountering errors at an above normal rate. This can help detect browser compatibility issues.",

"analysis_config": {

"bucket_span": "15m",

"detectors": [

{

"detector_description": "high error rate for user agent",

"function": "high_non_zero_count",

"partition_field_name": "user_agent.name"

}

],

"influencers": [

"user_agent.name",

"error.exception.message.keyword",

"error.page.url",

"service.name"

]

},

"allow_lazy_open": true,

"analysis_limits": {

"model_memory_limit": "32mb"

},

"data_description": {

"time_field": "@timestamp"

},

"custom_settings": {

"created_by": "ml-module-apm-jsbase",

"custom_urls": [

{

"url_name": "APM",

"time_range": "2h",

"url_value": "apm#/services/$service.name$/errors?rangeFrom=$earliest$&rangeTo=$latest$&refreshPaused=true&refreshInterval=0&kuery=user_agent.name:\"$user_agent.name$\"&_g=()"

}

]

},

"datafeed_config": {

"indices": [

"apm-*"

],

"max_empty_searches": 10,

"query": {

"bool": {

"must": [

{ "bool": { "filter": { "term": { "agent.name": "js-base" } } } },

{ "exists": { "field": "user_agent.name" } }

]

}

}

}

}

{

"groups": [

"apm"

],

"description": "APM JSBase: Identifies periods during which the application is processing fewer requests than normal.",

"analysis_config": {

"summary_count_field_name": "doc_count",

"bucket_span": "15m",

"detectors": [

{

"detector_description": "low throughput",

"function": "low_count"

}

],

"influencers": [

"service.name"

]

},

"allow_lazy_open": true,

"analysis_limits": {

"model_memory_limit": "10mb"

},

"data_description": {

"time_field": "@timestamp"

},

"custom_settings": {

"created_by": "ml-module-apm-jsbase",

"custom_urls": [

{

"url_name": "APM",

"time_range": "2h",

"url_value": "apm#/services?rangeFrom=$earliest$&rangeTo=$latest$&refreshPaused=true&refreshInterval=0&kuery=&transactionType=request"

}

]

},

"datafeed_config": {

"indices": [

"apm-*"

],

"max_empty_searches": 10,

"query": {

"bool": {

"filter": { "term": { "agent.name": "js-base" } }

}

},

"aggregations": {

"buckets": {

"date_histogram": {

"field": "@timestamp",

"fixed_interval": "900000ms"

},

"aggregations": {

"@timestamp": {

"max": {

"field": "@timestamp"

}

}

}

}

}

}

}

{

"groups": [

"apm"

],

"description": "APM JSBase: Detects user agents that are making requests at a suspiciously high rate. This is useful in identifying bots.",

"analysis_config": {

"bucket_span": "15m",

"detectors": [

{

"detector_description": "high request rate for user agent",

"function": "high_non_zero_count",

"partition_field_name": "user_agent.name"

}

],

"influencers": [

"user_agent.name",

"service.name"

]

},

"allow_lazy_open": true,

"analysis_limits": {

"model_memory_limit": "32mb"

},

"data_description": {

"time_field": "@timestamp"

},

"custom_settings": {

"created_by": "ml-module-apm-jsbase",

"custom_urls": [

{

"url_name": "APM",

"time_range": "2h",

"url_value": "apm#/services/$service.name$/transactions?rangeFrom=$earliest$&rangeTo=$latest$&refreshPaused=true&refreshInterval=0&kuery=user_agent.name:\"$user_agent.name$\"&_g=()"

}

]

},

"datafeed_config": {

"indices": [

"apm-*"

],

"max_empty_searches": 10,

"query": {

"bool": {

"must": [

{ "bool": { "filter": { "term": { "agent.name": "js-base" } } } },

{ "bool": { "filter": [{ "exists": { "field": "user_agent.name" } }] } },

{ "bool": { "filter": { "term": { "processor.event": "transaction" } } } }

]

}

}

}

}

Detect abnormal traces, anomalous spans, and identify periods of decreased

throughput. These jobs are applicable to data from Elastic APM Node.js Agents

(where `agent.name` is `nodejs`).

Copy the contents of the appropriate *.json file into the

[create anomaly detection jobs API](https://www.elastic.co/guide/en/elasticsearch/reference/8.0/ml-put-job.html) in the Kibana Dev Console. For example:

* `abnormal_span_durations_nodejs.json`: Models the duration of spans. Detects spans that are taking longer than usual to process.

* `abnormal_trace_durations_nodejs.json`: Models the duration of trace transactions. Detects trace transactions that are processing slower than usual.

* `decreased_throughput_nodejs.json`: Models the transaction rate of the application.

Detects periods during which the application is processing fewer requests than normal.

For more information about anomaly detection and running machine learning jobs,

refer to [Finding anomalies](https://www.elastic.co/guide/en/machine-learning/8.0/ml-ad-finding-anomalies.html).

{

"groups": [

"apm"

],

"description": "APM NodeJS: Looks for spans that are taking longer than usual to process.",

"analysis_config": {

"bucket_span": "15m",

"detectors": [

{

"detector_description": "increased span duration",

"function": "high_mean",

"field_name": "span.duration.us",

"partition_field_name": "span.type"

}

],

"influencers": [

"span.type",

"trace.id",

"span.name",

"service.name"

]

},

"allow_lazy_open": true,

"analysis_limits": {

"model_memory_limit": "128mb"

},

"data_description": {

"time_field": "@timestamp"

},

"custom_settings": {

"created_by": "ml-module-apm-nodejs",

"custom_urls": [

{

"url_name": "APM",

"time_range": "2h",

"url_value": "apm#/traces?rangeFrom=$earliest$&rangeTo=$latest$&kuery=trace.id:\"$trace.id$\"&_g=()"

}

]

},

"datafeed_config":

{

"indices": [

"apm-*"

],

"max_empty_searches": 10,

"query": {

"bool": {

"must": [

{ "bool": { "filter": { "term": { "agent.name": "nodejs" } } } },

{ "bool": { "filter": { "term": { "processor.event": "span" } } } }

]

}

}

}

}