Book Image

Machine Learning with the Elastic Stack

By : Rich Collier, Bahaaldine Azarmi

Book Image

Machine Learning with the Elastic Stack

By: Rich Collier, Bahaaldine Azarmi

Overview of this book

Machine Learning with the Elastic Stack is a comprehensive overview of the embedded commercial features of anomaly detection and forecasting. The book starts with installing and setting up Elastic Stack. You will perform time series analysis on varied kinds of data, such as log files, network flows, application metrics, and financial data. As you progress through the chapters, you will deploy machine learning within the Elastic Stack for logging, security, and metrics. In the concluding chapters, you will see how machine learning jobs can be automatically distributed and managed across the Elasticsearch cluster and made resilient to failure. By the end of this book, you will understand the performance aspects of incorporating machine learning within the Elastic ecosystem and create anomaly detection jobs and view results from Kibana directly.

Preface

Who this book is for

What this book covers

To get the most out of this book

Free Chapter

Machine Learning for IT

Machine Learning for IT

Overcoming the historical challenges

Theory of operation

Operationalization

Supporting indices

The orchestration

Installing the Elastic Stack with Machine Learning

Installing the Elastic Stack with Machine Learning

Installing the Elastic Stack

A guided tour of Elastic ML features

Event Change Detection

Event Change Detection

How to understand the normal rate of occurrence

Exploring count functions

Counting in population analysis

Detecting things that rarely occur

Counting message-based logs via categorization

IT Operational Analytics and Root Cause Analysis

IT Operational Analytics and Root Cause Analysis

Holistic application visibility

Data organization

Bringing it all together for root cause analysis

Security Analytics with Elastic Machine Learning

Security Analytics with Elastic Machine Learning

Security in the field

Threat hunting architecture

Investigation analytics

Alerting on ML Analysis

Alerting on ML Analysis

Results presentation

The results index

Alerts from the Machine Learning UI in Kibana

Creating ML alerts manually

Using Elastic ML Data in Kibana Dashboards

Using Elastic ML Data in Kibana Dashboards

Visualization options in Kibana

Preparing data for anomaly detection analysis

Building the visualizations

Using Elastic ML with Kibana Canvas

Using Elastic ML with Kibana Canvas

Introduction to Canvas

Building Elastic ML Canvas slides

Forecasting

Forecasting versus prophesying

Forecasting use cases

Forecasting – theory of operation

Single time series forecasting

Forecast results

Multiple time series forecasting

ML Tips and Tricks

ML Tips and Tricks

Influencers in split versus non-split jobs

Using ML on scripted fields

Using one-sided ML functions to your advantage

Ignoring time periods

Don't over-engineer the use case

ML job throughput considerations

Top-down alerting by leveraging custom rules

Sizing ML deployments

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Summary

We've seen that ML can highlight variations in volume, diversity, and uniqueness in log lines, including those that need some categorization first. These techniques help solve the challenges we described in the first part of this chapter, where a human must both recognize the uniqueness of the content and the relative frequency of occurrence of each raw log message.

The skills learned in this chapter will be helpful in the next chapter, Chapter 4, IT Operational Analytics and Root Cause Analysis, where we will use ML to assist in the process of getting to the root cause of a complex problem that spans multiple datasets, including log files and performance metrics. The analysis will most certainly include the detection of unusually occurring log events.