Preparing your data

Before starting our workpad, we need to do some preparation so that we can use ML data in Canvas. We actually just need two things:

  • An Elastic ML job running and producing results
  • An index pattern pointing to the job results data

For the Elastic ML job, I'm going to use a single metric job that analyzes the traffic on an nginx web server by looking at the distinct count of IP addresses interacting with the server.

The following Elastic ML analysis screenshot gives you an idea of the general traffic behavior and reveals a couple of significant anomalies:

Elastic ML uses, by default, an index called .ml-anomalies-shared to store the detailed job results. However, dedicated result indices per job can also be defined. By creating an index pattern with a wildcard of .ml-anomalies-*, we can use a single index pattern to access results from all jobs. To do so, go into the Kibana Management section, click on Index pattern, and then click on Create index pattern. From here, enter .ml-anomalies-* into the box (and remember to select the Include system indices option to show internal indices that begin with the dot character):

The last step is to select the Time Filter field name in the index with the value of timestamp, as shown in the following screenshot:
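To see what the new index pattern exposes, the following added example (not code from the book) builds a search body for the high-scoring bucket results of one job in .ml-anomalies-* and applies the same filter to constructed sample documents. The job name nginx-distinct-ip, the score threshold of 75, and the sample documents are assumptions made for illustration; job_id, result_type, anomaly_score, and timestamp are fields of Elastic ML result documents.

```python
import json

RESULTS_INDEX = ".ml-anomalies-*"  # wildcard from the text: shared and dedicated result indices
TIME_FIELD = "timestamp"           # the Time Filter field chosen for the index pattern


def build_bucket_query(job_id, min_score=75.0, since="now-30d"):
    """Search body for one job's bucket results scoring at least min_score."""
    return {
        "size": 100,
        "sort": [{TIME_FIELD: "asc"}],
        "query": {"bool": {"filter": [
            {"term": {"job_id": job_id}},
            {"term": {"result_type": "bucket"}},
            {"range": {"anomaly_score": {"gte": min_score}}},
            {"range": {TIME_FIELD: {"gte": since}}},
        ]}},
    }


def significant_buckets(docs, job_id, min_score=75.0):
    """Apply the same job/type/score filter locally, oldest bucket first."""
    hits = [
        d for d in docs
        if d.get("job_id") == job_id
        and d.get("result_type") == "bucket"
        and d.get("anomaly_score", 0.0) >= min_score
    ]
    return sorted(hits, key=lambda d: d[TIME_FIELD])


# Constructed sample documents (timestamps in epoch milliseconds); not real job output.
JOB = "nginx-distinct-ip"  # hypothetical job name
SAMPLE_DOCS = [
    {"job_id": JOB, "result_type": "bucket", TIME_FIELD: 1486656000000, "anomaly_score": 0.4},
    {"job_id": JOB, "result_type": "bucket", TIME_FIELD: 1486742400000, "anomaly_score": 92.1},
    {"job_id": JOB, "result_type": "record", TIME_FIELD: 1486742400000, "record_score": 95.0},
    {"job_id": "other-job", "result_type": "bucket", TIME_FIELD: 1486828800000, "anomaly_score": 88.0},
    {"job_id": JOB, "result_type": "bucket", TIME_FIELD: 1486569600000, "anomaly_score": 78.3},
]

if __name__ == "__main__":
    # The body can be sent to GET .ml-anomalies-*/_search
    print(json.dumps(build_bucket_query(JOB), indent=2))
    for doc in significant_buckets(SAMPLE_DOCS, JOB):
        print(doc[TIME_FIELD], doc["anomaly_score"])
```

Because the wildcard spans every job's results, the job_id filter is what keeps another job's anomalies out of the output.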

With this logistical step out of the way, we can now begin constructing our Canvas workpad.
