Book Image

Machine Learning with the Elastic Stack

By : Rich Collier, Bahaaldine Azarmi

Book Image

Machine Learning with the Elastic Stack

By: Rich Collier, Bahaaldine Azarmi

Overview of this book

Machine Learning with the Elastic Stack is a comprehensive overview of the embedded commercial features of anomaly detection and forecasting. The book starts with installing and setting up Elastic Stack. You will perform time series analysis on varied kinds of data, such as log files, network flows, application metrics, and financial data. As you progress through the chapters, you will deploy machine learning within the Elastic Stack for logging, security, and metrics. In the concluding chapters, you will see how machine learning jobs can be automatically distributed and managed across the Elasticsearch cluster and made resilient to failure. By the end of this book, you will understand the performance aspects of incorporating machine learning within the Elastic ecosystem and create anomaly detection jobs and view results from Kibana directly.

Preface

Who this book is for

What this book covers

To get the most out of this book

Free Chapter

Machine Learning for IT

Machine Learning for IT

Overcoming the historical challenges

Theory of operation

Operationalization

Supporting indices

The orchestration

Installing the Elastic Stack with Machine Learning

Installing the Elastic Stack with Machine Learning

Installing the Elastic Stack

A guided tour of Elastic ML features

Event Change Detection

Event Change Detection

How to understand the normal rate of occurrence

Exploring count functions

Counting in population analysis

Detecting things that rarely occur

Counting message-based logs via categorization

IT Operational Analytics and Root Cause Analysis

IT Operational Analytics and Root Cause Analysis

Holistic application visibility

Data organization

Bringing it all together for root cause analysis

Security Analytics with Elastic Machine Learning

Security Analytics with Elastic Machine Learning

Security in the field

Threat hunting architecture

Investigation analytics

Alerting on ML Analysis

Alerting on ML Analysis

Results presentation

The results index

Alerts from the Machine Learning UI in Kibana

Creating ML alerts manually

Using Elastic ML Data in Kibana Dashboards

Using Elastic ML Data in Kibana Dashboards

Visualization options in Kibana

Preparing data for anomaly detection analysis

Building the visualizations

Using Elastic ML with Kibana Canvas

Using Elastic ML with Kibana Canvas

Introduction to Canvas

Building Elastic ML Canvas slides

Forecasting

Forecasting versus prophesying

Forecasting use cases

Forecasting – theory of operation

Single time series forecasting

Forecast results

Multiple time series forecasting

ML Tips and Tricks

ML Tips and Tricks

Influencers in split versus non-split jobs

Using ML on scripted fields

Using one-sided ML functions to your advantage

Ignoring time periods

Don't over-engineer the use case

ML job throughput considerations

Top-down alerting by leveraging custom rules

Sizing ML deployments

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Ignoring time periods

Often, people ask how they can get ML to ignore that a certain time period has occurred. Perhaps it was an expected maintenance window, or perhaps something was broken within the data ingest pipeline and data was lost for a few moments. There are a few ways that you can get ML to ignore time periods and, for distinction, we'll separate them into two groups:

A known, upcoming window of time
An unexpected window of time that is discovered after the fact

To illustrate things, we'll use a reference job and dataset that has an anomaly on the date of February 9^th:

Ignoring an upcoming (known) window of time

Two methods can be used to ignore an upcoming window of time, as shown in the following...