I'm currently working on a network monitoring project using the Elastic Stack and Packetbeat, and I'm interested in using Elastic Machine Learning to detect anomalies in network traffic. However, I'm not sure how to properly set up a machine learning job for this use case.
- Packetbeat is installed and running on a server, successfully shipping network flow and protocol data to Elasticsearch.
- I can see Packetbeat data in Kibana, including flows, source/destination IPs, ports, etc.
- I'm using Elastic Stack 7.17.13.
