Book Image

Machine Learning with the Elastic Stack

By : Rich Collier, Bahaaldine Azarmi

Book Image

Machine Learning with the Elastic Stack

By: Rich Collier, Bahaaldine Azarmi

Overview of this book

Machine Learning with the Elastic Stack is a comprehensive overview of the embedded commercial features of anomaly detection and forecasting. The book starts with installing and setting up Elastic Stack. You will perform time series analysis on varied kinds of data, such as log files, network flows, application metrics, and financial data. As you progress through the chapters, you will deploy machine learning within the Elastic Stack for logging, security, and metrics. In the concluding chapters, you will see how machine learning jobs can be automatically distributed and managed across the Elasticsearch cluster and made resilient to failure. By the end of this book, you will understand the performance aspects of incorporating machine learning within the Elastic ecosystem and create anomaly detection jobs and view results from Kibana directly.

Preface

Who this book is for

What this book covers

To get the most out of this book

Free Chapter

Machine Learning for IT

Machine Learning for IT

Overcoming the historical challenges

Theory of operation

Operationalization

Supporting indices

The orchestration

Installing the Elastic Stack with Machine Learning

Installing the Elastic Stack with Machine Learning

Installing the Elastic Stack

A guided tour of Elastic ML features

Event Change Detection

Event Change Detection

How to understand the normal rate of occurrence

Exploring count functions

Counting in population analysis

Detecting things that rarely occur

Counting message-based logs via categorization

IT Operational Analytics and Root Cause Analysis

IT Operational Analytics and Root Cause Analysis

Holistic application visibility

Data organization

Bringing it all together for root cause analysis

Security Analytics with Elastic Machine Learning

Security Analytics with Elastic Machine Learning

Security in the field

Threat hunting architecture

Investigation analytics

Alerting on ML Analysis

Alerting on ML Analysis

Results presentation

The results index

Alerts from the Machine Learning UI in Kibana

Creating ML alerts manually

Using Elastic ML Data in Kibana Dashboards

Using Elastic ML Data in Kibana Dashboards

Visualization options in Kibana

Preparing data for anomaly detection analysis

Building the visualizations

Using Elastic ML with Kibana Canvas

Using Elastic ML with Kibana Canvas

Introduction to Canvas

Building Elastic ML Canvas slides

Forecasting

Forecasting versus prophesying

Forecasting use cases

Forecasting – theory of operation

Single time series forecasting

Forecast results

Multiple time series forecasting

ML Tips and Tricks

ML Tips and Tricks

Influencers in split versus non-split jobs

Using ML on scripted fields

Using one-sided ML functions to your advantage

Ignoring time periods

Don't over-engineer the use case

ML job throughput considerations

Top-down alerting by leveraging custom rules

Sizing ML deployments

Other Books You May Enjoy

Other Books You May Enjoy

Leave a review - let other readers know what you think

Customer Reviews

5 star

0

4 star

0

3 star

0

2 star

0

1 star

0

Security in the field

The Elastic Stack wasn't originally designed with the security analytics use case in mind; remember, it was designed to be an efficient data store and search engine. However, it has become apparent that—similar to the logging/metrics/performance use case in IT operations—the Elastic Stack is also a very good platform to use for Security Analytics because of its ability to allow real-time access to high volumes of a variety of data. Let's see why and how the evolution of the Elastic Stack into a viable platform for security analytics has taken place.

The volume and variety of data

Before diving into how to operate against security threats with Elastic ML, let's provide a bit...