Set the default retention period for the Logs anomaly detection configurations to 120 days#231080
Merged
gbamparop merged 5 commits intoelastic:mainfrom Aug 13, 2025
Merged
Conversation
gbamparop
added
release_note:feature
Contributor
Author
|
@elasticmachine merge upstream |
peteharverson
approved these changes
Aug 11, 2025
Contributor
peteharverson
left a comment
peteharverson
left a comment
There was a problem hiding this comment.
Edits to the ML job configs LGTM.
As this PR will end up in the release notes, I'd suggest a slight edit to the PR title to Set the default retention period for the Logs anomaly detection configurations to 120 days. 'Module' is a word we use internally in the code, but we use 'anomaly detection configurations in the user docs.
Contributor
Author
|
@elasticmachine merge upstream |
Contributor
💔 Build Failed
Failed CI StepsMetrics [docs]Async chunks
History
|
gbamparop
changed the title
Contributor
Author
Good point, I have updated the title, thanks for the review. |
fkanout
pushed a commit
to fkanout/kibana
that referenced
this pull request
Aug 14, 2025
…gurations to 120 days (elastic#231080) ## 📓 Summary - Adds a default retention period of 120 days for the ML results in the predefined modules for logs that power the log anomalies and log categories pages - Adds text to inform users about the default retention period ### Before https://github.com/user-attachments/assets/99af3d99-3255-4413-9b57-1df813732d74 ### After https://github.com/user-attachments/assets/3abab056-6698-49c0-9e36-f309b8139270 ### How to test 1. (_Optional_) Run a Synthtrace scenario to ingest logs (e.g. `node scripts/synthtrace.js simple_logs --from=now-1w --to=now --live`) 2. Create `Log rate` and `Categorization` ML jobs through the log ml pages (e.g. from `/app/logs/anomalies`) 3. Get the configs of the anomaly detection jobs through the `GET _ml/anomaly_detectors` Elasticsearch API 4. Ensure that the `results_retention_days` configuration option is set to 120 Closes elastic#230744 --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
NicholasPeretti
pushed a commit
to NicholasPeretti/kibana
that referenced
this pull request
Aug 18, 2025
…gurations to 120 days (elastic#231080) ## 📓 Summary - Adds a default retention period of 120 days for the ML results in the predefined modules for logs that power the log anomalies and log categories pages - Adds text to inform users about the default retention period ### Before https://github.com/user-attachments/assets/99af3d99-3255-4413-9b57-1df813732d74 ### After https://github.com/user-attachments/assets/3abab056-6698-49c0-9e36-f309b8139270 ### How to test 1. (_Optional_) Run a Synthtrace scenario to ingest logs (e.g. `node scripts/synthtrace.js simple_logs --from=now-1w --to=now --live`) 2. Create `Log rate` and `Categorization` ML jobs through the log ml pages (e.g. from `/app/logs/anomalies`) 3. Get the configs of the anomaly detection jobs through the `GET _ml/anomaly_detectors` Elasticsearch API 4. Ensure that the `results_retention_days` configuration option is set to 120 Closes elastic#230744 --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
qn895
pushed a commit
to qn895/kibana
that referenced
this pull request
Aug 26, 2025
…gurations to 120 days (elastic#231080) ## 📓 Summary - Adds a default retention period of 120 days for the ML results in the predefined modules for logs that power the log anomalies and log categories pages - Adds text to inform users about the default retention period ### Before https://github.com/user-attachments/assets/99af3d99-3255-4413-9b57-1df813732d74 ### After https://github.com/user-attachments/assets/3abab056-6698-49c0-9e36-f309b8139270 ### How to test 1. (_Optional_) Run a Synthtrace scenario to ingest logs (e.g. `node scripts/synthtrace.js simple_logs --from=now-1w --to=now --live`) 2. Create `Log rate` and `Categorization` ML jobs through the log ml pages (e.g. from `/app/logs/anomalies`) 3. Get the configs of the anomaly detection jobs through the `GET _ml/anomaly_detectors` Elasticsearch API 4. Ensure that the `results_retention_days` configuration option is set to 120 Closes elastic#230744 --------- Co-authored-by: Elastic Machine <elasticmachine@users.noreply.github.com>
florent-leborgne
added a commit
to elastic/docs-content
that referenced
this pull request
Oct 23, 2025
…s and log categories (#3499) ## Summary This PR updates the documentation to reflect the new default retention period of 120 days for ML results in the predefined ML configurations for logs that power the log anomalies and log categories pages, introduced in version 9.2. ## Context Following the changes introduced in elastic/kibana#231080, the predefined ML configurations for logs now set a default retention period of 120 days for ML results, where previously there was no default retention period (results were retained indefinitely). ## Changes Added concise notes in active voice to three documentation files, with version-specific tags: 1. **`solutions/observability/logs/inspect-log-anomalies.md`** - Added a note in the "Enable log rate analysis and anomaly detection" section - Informs users that log anomaly ML jobs retain results for 120 days by default - Includes `:applies_to: stack: ga 9.2` tag 2. **`solutions/observability/logs/categorize-log-entries.md`** - Added a note in the "Create log categories" section - Informs users that log categorization ML jobs retain results for 120 days by default - Includes `:applies_to: stack: ga 9.2` tag 3. **`explore-analyze/machine-learning/anomaly-detection/anomaly-detection-scale.md`** - Updated the "Optimize the results retention" section - Clarified that while anomaly detection results are retained indefinitely by default, predefined ML configurations for logs are an exception with 120-day retention (from version 9.2) - Includes inline `{applies_to}`stack: ga 9.2`` tag Each note: - States the 120-day default retention period - Explains how to customize the retention period via the `results_retention_days` setting - Clearly indicates this feature is available from version 9.2 onwards ## Impact - **Target release**: 9.2 - **Documentation sets affected**: Elastic On-Prem and Cloud (all) - **User benefit**: Users are now informed about the automatic cleanup of older ML results, helping them understand storage management and plan accordingly. Version-specific tags ensure users understand when this feature became available. ## Related - Kibana PR: elastic/kibana#231080 - Contact: @gbamparop Fixes #2476 <!-- START COPILOT CODING AGENT SUFFIX --> <details> <summary>Original prompt</summary> > > ---- > > *This section details on the original issue you should resolve* > > <issue_title>[Internal]: Setting a default retention period for the ML results for the jobs enabling log anomalies and log categories</issue_title> > <issue_description>### Description > > The predefined ML modules for logs that power the log anomalies and log categories pages didn't set a default retention period for the ML results, this will be updated to a default retention of 120 days. > > ### Resources > > - elastic/kibana#231080 > > ### Which documentation set does this change impact? > > Elastic On-Prem and Cloud (all) > > ### Feature differences > > There was no default retention period before and it will be set to 120 days. > > ### What release is this request related to? > 9.2 > > ### Serverless release > Date TBD > > ### Collaboration model > > The documentation team > > ### Point of contact. > > **Main contact:** > - @gbamparop > </issue_description> > > <agent_instructions>A simple note should suffice where relevant. Updates are probably focused in the following parts of the documentation: https://github.com/elastic/docs-content/tree/main/solutions/observability/logs and/or https://github.com/elastic/docs-content/tree/main/explore-analyze/machine-learning</agent_instructions> > > ## Comments on the Issue (you are @copilot in this section) > > <comments> > </comments> > </details> Fixes #2476 <!-- START COPILOT CODING AGENT TIPS --> --- ✨ Let Copilot coding agent [set things up for you](https://github.com/elastic/docs-content/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot) — coding agent works faster and does higher quality work when set up for your repo. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: florent-leborgne <10208282+florent-leborgne@users.noreply.github.com> Co-authored-by: florent-leborgne <florent.leborgne@elastic.co>
rhr323
pushed a commit
to rhr323/docs-content
that referenced
this pull request
Oct 27, 2025
…s and log categories (elastic#3499) ## Summary This PR updates the documentation to reflect the new default retention period of 120 days for ML results in the predefined ML configurations for logs that power the log anomalies and log categories pages, introduced in version 9.2. ## Context Following the changes introduced in elastic/kibana#231080, the predefined ML configurations for logs now set a default retention period of 120 days for ML results, where previously there was no default retention period (results were retained indefinitely). ## Changes Added concise notes in active voice to three documentation files, with version-specific tags: 1. **`solutions/observability/logs/inspect-log-anomalies.md`** - Added a note in the "Enable log rate analysis and anomaly detection" section - Informs users that log anomaly ML jobs retain results for 120 days by default - Includes `:applies_to: stack: ga 9.2` tag 2. **`solutions/observability/logs/categorize-log-entries.md`** - Added a note in the "Create log categories" section - Informs users that log categorization ML jobs retain results for 120 days by default - Includes `:applies_to: stack: ga 9.2` tag 3. **`explore-analyze/machine-learning/anomaly-detection/anomaly-detection-scale.md`** - Updated the "Optimize the results retention" section - Clarified that while anomaly detection results are retained indefinitely by default, predefined ML configurations for logs are an exception with 120-day retention (from version 9.2) - Includes inline `{applies_to}`stack: ga 9.2`` tag Each note: - States the 120-day default retention period - Explains how to customize the retention period via the `results_retention_days` setting - Clearly indicates this feature is available from version 9.2 onwards ## Impact - **Target release**: 9.2 - **Documentation sets affected**: Elastic On-Prem and Cloud (all) - **User benefit**: Users are now informed about the automatic cleanup of older ML results, helping them understand storage management and plan accordingly. Version-specific tags ensure users understand when this feature became available. ## Related - Kibana PR: elastic/kibana#231080 - Contact: @gbamparop Fixes elastic#2476 <!-- START COPILOT CODING AGENT SUFFIX --> <details> <summary>Original prompt</summary> > > ---- > > *This section details on the original issue you should resolve* > > <issue_title>[Internal]: Setting a default retention period for the ML results for the jobs enabling log anomalies and log categories</issue_title> > <issue_description>### Description > > The predefined ML modules for logs that power the log anomalies and log categories pages didn't set a default retention period for the ML results, this will be updated to a default retention of 120 days. > > ### Resources > > - elastic/kibana#231080 > > ### Which documentation set does this change impact? > > Elastic On-Prem and Cloud (all) > > ### Feature differences > > There was no default retention period before and it will be set to 120 days. > > ### What release is this request related to? > 9.2 > > ### Serverless release > Date TBD > > ### Collaboration model > > The documentation team > > ### Point of contact. > > **Main contact:** > - @gbamparop > </issue_description> > > <agent_instructions>A simple note should suffice where relevant. Updates are probably focused in the following parts of the documentation: https://github.com/elastic/docs-content/tree/main/solutions/observability/logs and/or https://github.com/elastic/docs-content/tree/main/explore-analyze/machine-learning</agent_instructions> > > ## Comments on the Issue (you are @copilot in this section) > > <comments> > </comments> > </details> Fixes elastic#2476 <!-- START COPILOT CODING AGENT TIPS --> --- ✨ Let Copilot coding agent [set things up for you](https://github.com/elastic/docs-content/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot) — coding agent works faster and does higher quality work when set up for your repo. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: florent-leborgne <10208282+florent-leborgne@users.noreply.github.com> Co-authored-by: florent-leborgne <florent.leborgne@elastic.co>
naemono
pushed a commit
to naemono/docs-content
that referenced
this pull request
Oct 28, 2025
…s and log categories (elastic#3499) ## Summary This PR updates the documentation to reflect the new default retention period of 120 days for ML results in the predefined ML configurations for logs that power the log anomalies and log categories pages, introduced in version 9.2. ## Context Following the changes introduced in elastic/kibana#231080, the predefined ML configurations for logs now set a default retention period of 120 days for ML results, where previously there was no default retention period (results were retained indefinitely). ## Changes Added concise notes in active voice to three documentation files, with version-specific tags: 1. **`solutions/observability/logs/inspect-log-anomalies.md`** - Added a note in the "Enable log rate analysis and anomaly detection" section - Informs users that log anomaly ML jobs retain results for 120 days by default - Includes `:applies_to: stack: ga 9.2` tag 2. **`solutions/observability/logs/categorize-log-entries.md`** - Added a note in the "Create log categories" section - Informs users that log categorization ML jobs retain results for 120 days by default - Includes `:applies_to: stack: ga 9.2` tag 3. **`explore-analyze/machine-learning/anomaly-detection/anomaly-detection-scale.md`** - Updated the "Optimize the results retention" section - Clarified that while anomaly detection results are retained indefinitely by default, predefined ML configurations for logs are an exception with 120-day retention (from version 9.2) - Includes inline `{applies_to}`stack: ga 9.2`` tag Each note: - States the 120-day default retention period - Explains how to customize the retention period via the `results_retention_days` setting - Clearly indicates this feature is available from version 9.2 onwards ## Impact - **Target release**: 9.2 - **Documentation sets affected**: Elastic On-Prem and Cloud (all) - **User benefit**: Users are now informed about the automatic cleanup of older ML results, helping them understand storage management and plan accordingly. Version-specific tags ensure users understand when this feature became available. ## Related - Kibana PR: elastic/kibana#231080 - Contact: @gbamparop Fixes elastic#2476 <!-- START COPILOT CODING AGENT SUFFIX --> <details> <summary>Original prompt</summary> > > ---- > > *This section details on the original issue you should resolve* > > <issue_title>[Internal]: Setting a default retention period for the ML results for the jobs enabling log anomalies and log categories</issue_title> > <issue_description>### Description > > The predefined ML modules for logs that power the log anomalies and log categories pages didn't set a default retention period for the ML results, this will be updated to a default retention of 120 days. > > ### Resources > > - elastic/kibana#231080 > > ### Which documentation set does this change impact? > > Elastic On-Prem and Cloud (all) > > ### Feature differences > > There was no default retention period before and it will be set to 120 days. > > ### What release is this request related to? > 9.2 > > ### Serverless release > Date TBD > > ### Collaboration model > > The documentation team > > ### Point of contact. > > **Main contact:** > - @gbamparop > </issue_description> > > <agent_instructions>A simple note should suffice where relevant. Updates are probably focused in the following parts of the documentation: https://github.com/elastic/docs-content/tree/main/solutions/observability/logs and/or https://github.com/elastic/docs-content/tree/main/explore-analyze/machine-learning</agent_instructions> > > ## Comments on the Issue (you are @copilot in this section) > > <comments> > </comments> > </details> Fixes elastic#2476 <!-- START COPILOT CODING AGENT TIPS --> --- ✨ Let Copilot coding agent [set things up for you](https://github.com/elastic/docs-content/issues/new?title=✨+Set+up+Copilot+instructions&body=Configure%20instructions%20for%20this%20repository%20as%20documented%20in%20%5BBest%20practices%20for%20Copilot%20coding%20agent%20in%20your%20repository%5D%28https://gh.io/copilot-coding-agent-tips%29%2E%0A%0A%3COnboard%20this%20repo%3E&assignees=copilot) — coding agent works faster and does higher quality work when set up for your repo. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: florent-leborgne <10208282+florent-leborgne@users.noreply.github.com> Co-authored-by: florent-leborgne <florent.leborgne@elastic.co>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
5 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
📓 Summary
Before
Screen.Recording.2025-08-08.at.10.58.53.mov
After
Screen.Recording.2025-08-08.at.10.54.19.mov
How to test
node scripts/synthtrace.js simple_logs --from=now-1w --to=now --live)Log rateandCategorizationML jobs through the log ml pages (e.g. from/app/logs/anomalies)GET _ml/anomaly_detectorsElasticsearch APIresults_retention_daysconfiguration option is set to 120Closes #230744