- Elastic Cloud Serverless
- Elasticsearch
- Elastic Observability
- Get started
- Observability overview
- Elastic Observability Serverless billing dimensions
- Create an Observability project
- Quickstart: Monitor hosts with Elastic Agent
- Quickstart: Monitor your Kubernetes cluster with Elastic Agent
- Quickstart: Monitor hosts with OpenTelemetry
- Quickstart: Unified Kubernetes Observability with Elastic Distributions of OpenTelemetry (EDOT)
- Quickstart: Collect data with AWS Firehose
- Get started with dashboards
- Applications and services
- Application performance monitoring (APM)
- Get started with traces and APM
- Learn about data types
- Collect application data
- View and analyze data
- Act on data
- Use APM securely
- Reduce storage
- Managed intake service event API
- Troubleshooting
- Synthetic monitoring
- Get started
- Scripting browser monitors
- Configure lightweight monitors
- Manage monitors
- Work with params and secrets
- Analyze monitor data
- Monitor resources on private networks
- Use the CLI
- Configure a Synthetics project
- Multifactor Authentication for browser monitors
- Configure Synthetics settings
- Grant users access to secured resources
- Manage data retention
- Scale and architect a deployment
- Synthetics Encryption and Security
- Troubleshooting
- Application performance monitoring (APM)
- Infrastructure and hosts
- Logs
- Inventory
- Incident management
- Data set quality
- Observability AI Assistant
- Machine learning
- Reference
- Get started
- Elastic Security
- Elastic Security overview
- Security billing dimensions
- Create a Security project
- Elastic Security requirements
- Elastic Security UI
- AI for Security
- Ingest data
- Configure endpoint protection with Elastic Defend
- Manage Elastic Defend
- Endpoints
- Policies
- Trusted applications
- Event filters
- Host isolation exceptions
- Blocklist
- Optimize Elastic Defend
- Event capture and Elastic Defend
- Endpoint protection rules
- Identify antivirus software on your hosts
- Allowlist Elastic Endpoint in third-party antivirus apps
- Elastic Endpoint self-protection features
- Elastic Endpoint command reference
- Endpoint response actions
- Cloud Security
- Explore your data
- Dashboards
- Detection engine overview
- Rules
- Alerts
- Advanced Entity Analytics
- Investigation tools
- Asset management
- Manage settings
- Troubleshooting
- Manage your project
- Changelog
Machine learning
editMachine learning
editTo view your machine learning resources, go to Project settings → Management → Machine Learning:

The machine learning features that are available vary by project type:
- Elasticsearch Serverless projects have trained models.
- Observability projects have anomaly detection jobs.
- Elastic Security projects have anomaly detection jobs, data frame analytics jobs, and trained models.
For more information, go to Anomaly detection, Data frame analytics and Natural language processing.
Synchronize saved objects
editBefore you can view your machine learning datafeeds, jobs, and trained models in Kibana, they must have saved objects. For example, if you used APIs to create your jobs, wait for automatic synchronization or go to the Machine Learning page and click Synchronize saved objects.
Export and import jobs
editYou can export and import your machine learning job and datafeed configuration details on the Machine Learning page. For example, you can export jobs from your test environment and import them in your production environment.
The exported file contains configuration details; it does not contain the machine learning models. For anomaly detection, you must import and run the job to build a model that is accurate for the new environment. For data frame analytics, trained models are portable; you can import the job then transfer the model to the new cluster. Refer to Exporting and importing data frame analytics trained models.
There are some additional actions that you must take before you can successfully import and run your jobs:
- The data views that are used by anomaly detection datafeeds and data frame analytics source indices must exist; otherwise, the import fails.
- If your anomaly detection jobs use custom rules with filter lists, the filter lists must exist; otherwise, the import fails.
- If your anomaly detection jobs were associated with calendars, you must create the calendar in the new environment and add your imported jobs to the calendar.
On this page