Verify that user risk score data was installed successfully (optional)
After enabling or upgrading user risk scoring, the following message may appear:
If it does, click Restart and wait at least one hour for data to be generated. If data still does not appear, verify that user risk score data has been generated.
In Kibana, run the following request in Console to query the ml_user_risk_score_<space-id> index:
GET ml_user_risk_score_<space-id>/_search
If no data is returned, check whether the alerts index (.alerts-security.alerts-<space-id>) contained alert data at the time ml_userriskscore_pivot_transform_<space-id> started.
Example (the transform stats endpoint is _transform, with the leading underscore):
GET _transform/ml_userriskscore_pivot_transform_<space-id>/_stats?human=true
Here is an example response:
{
  "count": 1,
  "transforms": [
    {
      "id": "ml_userriskscore_pivot_transform_<space-id>",
      "state": "started",
      "node": {
        "id": "H1tlwfTyRkWls-C0sarmHw",
        "name": "instance-0000000000",
        "ephemeral_id": "SBqlp5ywRuuop2gtcdCljA",
        "transport_address": "10.43.255.164:19635",
        "attributes": {}
      },
      "stats": {
        "pages_processed": 29,
        "documents_processed": 11805,
        "documents_indexed": 8,
        "documents_deleted": 0,
        "trigger_count": 9,
        "index_time_in_ms": 52,
        "index_total": 7,
        "index_failures": 0,
        "search_time_in_ms": 201,
        "search_total": 29,
        "search_failures": 0,
        "processing_time_in_ms": 14,
        "processing_total": 29,
        "delete_time_in_ms": 0,
        "exponential_avg_checkpoint_duration_ms": 59.02353261024906,
        "exponential_avg_documents_indexed": 0.8762710605864747,
        "exponential_avg_documents_processed": 1664.7724779548555
      },
      "checkpointing": {
        "last": {
          "checkpoint": 8,
          "timestamp": "2022-10-17T14:49:50.315Z",
          "timestamp_millis": 1666018190315,
          "time_upper_bound": "2022-10-17T14:47:50.315Z",
          "time_upper_bound_millis": 1666018070315
        },
        "operations_behind": 380,
        "changes_last_detected_at_string": "2022-10-17T14:49:50.113Z",
        "changes_last_detected_at": 1666018190113,
        "last_search_time_string": "2022-10-17T14:49:50.113Z",
        "last_search_time": 1666018190113
      }
    }
  ]
}
Note the value of time_upper_bound_millis and use it as the upper bound of a range query against the alerts index.
Example:
GET .alerts-security.alerts-<space-id>/_search
{
  "query": {
    "range": {
      "@timestamp": {
        "lt": 1666018070315
      }
    }
  }
}
If no alerts are returned, verify that the relevant rules are running and generating alert data. If alerts are returned, click Restart and wait one hour for user risk data to appear.
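The checks above, carried through as an added example (not Elastic's own code): a small Python helper that reads the JSON bodies of the three Console requests, pulls time_upper_bound_millis from the transform stats, builds the alerts range query, and applies the page's decision tree. It assumes the default Kibana space (so the transform id is ml_userriskscore_pivot_transform_default) and uses constructed sample responses.

```python
# Added example (not from the Elastic docs): applies the page's decision tree to
# the JSON bodies returned by the three Console requests. Index and transform
# names use the "default" space; sample responses below are constructed.
TRANSFORM_ID = "ml_userriskscore_pivot_transform_default"   # assumed space id


def search_has_hits(search_resp: dict) -> bool:
    """True if a _search response (risk index or alerts index) returned hits."""
    total = search_resp.get("hits", {}).get("total", 0)
    if isinstance(total, dict):          # modern shape: {"value": n, "relation": "eq"}
        total = total.get("value", 0)
    return total > 0


def checkpoint_upper_bound_millis(stats_resp: dict, transform_id: str) -> int:
    """Pull checkpointing.last.time_upper_bound_millis from a _transform/_stats body."""
    for t in stats_resp.get("transforms", []):
        if t.get("id") == transform_id:
            return int(t["checkpointing"]["last"]["time_upper_bound_millis"])
    raise KeyError(f"transform {transform_id!r} not found in _stats response")


def alerts_range_query(upper_bound_millis: int) -> dict:
    """Body for GET .alerts-security.alerts-<space-id>/_search, as on the page."""
    return {"query": {"range": {"@timestamp": {"lt": upper_bound_millis}}}}


def diagnose(risk_search: dict, alerts_search: dict) -> str:
    """Return the next step the page prescribes, given the two search responses."""
    if search_has_hits(risk_search):
        return "ok: user risk score data is present"
    if not search_has_hits(alerts_search):
        return "no alerts before the transform checkpoint: verify rules are running and generating alerts"
    return "alerts exist before the checkpoint: click Restart and wait an hour for risk data"


# Constructed sample responses (shapes match the APIs used above).
RISK_EMPTY = {"hits": {"total": {"value": 0, "relation": "eq"}, "hits": []}}
STATS = {"count": 1, "transforms": [{"id": TRANSFORM_ID, "state": "started",
         "checkpointing": {"last": {"checkpoint": 8,
                                    "time_upper_bound_millis": 1666018070315}}}]}
ALERTS_PRESENT = {"hits": {"total": {"value": 42, "relation": "eq"}, "hits": [{}]}}

if __name__ == "__main__":
    bound = checkpoint_upper_bound_millis(STATS, TRANSFORM_ID)
    print("alerts query body:", alerts_range_query(bound))
    print(diagnose(RISK_EMPTY, ALERTS_PRESENT))
```

Against a live cluster, feed each function the parsed body of the corresponding Console request for your own space id.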