The first job is a simple traffic analysis of the access logs. Create it by following these steps:

1. Access the Machine Learning section in Kibana and create a new Single metric job on the NASA access logs index.
2. Configure the job so that it makes a distinct count on the clientip field, which allows us to count the distinct number of IPs making the traffic, as shown in the following screenshot:

3. Running the job, you should get similar anomalies in the Single Metric Viewer to what's shown in the following screenshot. We'll use those anomalies in a TSVB visualization as annotations later:

While the visualization that's built into ML's UI is useful to show when anomalies occur and what severity they have, many analysts already have a collection of their own visualizations in an operational dashboard. They may want to see these anomalies in their existing dashboard panels. 

There may also be a situation in which the operations analysts may not have the permission or expertise to use the Machine Learning UI to look at anomalies. By externalizing the anomalies to standard dashboard visualizations, it allows the analysts to consume the information about the anomalies within a context they already know and understand.