Book Image

Machine Learning with the Elastic Stack - Second Edition

By : Rich Collier, Camilla Montonen, Bahaaldine Azarmi
5 (1)
Book Image

Machine Learning with the Elastic Stack - Second Edition

5 (1)
By: Rich Collier, Camilla Montonen, Bahaaldine Azarmi

Overview of this book

Elastic Stack, previously known as the ELK stack, is a log analysis solution that helps users ingest, process, and analyze search data effectively. With the addition of machine learning, a key commercial feature, the Elastic Stack makes this process even more efficient. This updated second edition of Machine Learning with the Elastic Stack provides a comprehensive overview of Elastic Stack's machine learning features for both time series data analysis as well as for classification, regression, and outlier detection. The book starts by explaining machine learning concepts in an intuitive way. You'll then perform time series analysis on different types of data, such as log files, network flows, application metrics, and financial data. As you progress through the chapters, you'll deploy machine learning within Elastic Stack for logging, security, and metrics. Finally, you'll discover how data frame analysis opens up a whole new set of use cases that machine learning can help you with. By the end of this Elastic Stack book, you'll have hands-on machine learning and Elastic Stack experience, along with the knowledge you need to incorporate machine learning in your distributed search and data analysis platform.

Related Content you might be interested in

Current Title:

Small book image
Machine Learning with the Elastic Stack - Second Edition
Rich Collier | Camilla Montonen | Bahaaldine Azarmi
May, 2021 | 450 pages
Small book image
Kibana 8.x – A Quick Start Guide to Data Analysis
Krishna Shah
Feb, 2024 | 198 pages
Small book image
Getting Started with Elastic Stack 8.0
Asjad Athick
Mar, 2022 | 474 pages
Small book image
Learning Kibana 7
Bahaaldine Azarmi | Anurag Srivastava
Jul, 2019 | 280 pages
Table of Contents (19 chapters)
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1 – Getting Started with Machine Learning with Elastic Stack
Section 1 – Getting Started with Machine Learning with Elastic Stack
Free Chapter
2
Chapter 1: Machine Learning for IT
Chapter 1: Machine Learning for IT
Overcoming the historical challenges in IT
Dealing with the plethora of data
The advent of automated anomaly detection
Unsupervised versus supervised ML
Using unsupervised ML for anomaly detection
Applying supervised ML to data frame analytics
Summary
3
Chapter 2: Enabling and Operationalization
Chapter 2: Enabling and Operationalization
Technical requirements
Enabling Elastic ML features
Understanding operationalization
Summary
4
Section 2 – Time Series Analysis – Anomaly Detection and Forecasting
Section 2 – Time Series Analysis – Anomaly Detection and Forecasting
5
Chapter 3: Anomaly Detection
Chapter 3: Anomaly Detection
Technical requirements
Elastic ML job types
Dissecting the detector
Detecting changes in metric values
Understanding the advanced detector functions
Splitting analysis along categorical features
Understanding temporal versus population analysis
Categorization analysis of unstructured messages
Managing Elastic ML via the API
Summary
6
Chapter 4: Forecasting
Chapter 4: Forecasting
Technical requirements
Contrasting forecasting with prophesying
Forecasting use cases
Forecasting theory of operation
Single time series forecasting
Looking at forecast results
Multiple time series forecasting
Summary
7
Chapter 5: Interpreting Results
Chapter 5: Interpreting Results
Technical requirements
Viewing the Elastic ML results index
Anomaly scores
Results index schema details
Multi-bucket anomalies
Forecast results
Results API
Custom dashboards and Canvas workpads
Summary
8
Chapter 6: Alerting on ML Analysis
Chapter 6: Alerting on ML Analysis
Technical requirements
Understanding alerting concepts
Building alerts from the ML UI
Creating an alert with a watch
Summary
9
Chapter 7: AIOps and Root Cause Analysis
Chapter 7: AIOps and Root Cause Analysis
Technical requirements
Demystifying the term ''AIOps''
Understanding the importance and limitations of KPIs
Moving beyond KPIs
Organizing data for better analysis
Leveraging the contextual information
Bringing it all together for RCA
Summary
10
Chapter 8: Anomaly Detection in Other Elastic Stack Apps
Chapter 8: Anomaly Detection in Other Elastic Stack Apps
Technical requirements
Anomaly detection in Elastic APM
Anomaly detection in the Logs app
Anomaly detection in the Uptime app
Anomaly detection in the Elastic Security app
Summary
11
Section 3 – Data Frame Analysis
Section 3 – Data Frame Analysis
12
Chapter 9: Introducing Data Frame Analytics
Chapter 9: Introducing Data Frame Analytics
Technical requirements
Learning how to use transforms
Using Painless for advanced transform configurations
Working with Python and Elasticsearch
Summary
Further reading
13
Chapter 10: Outlier Detection
Chapter 10: Outlier Detection
Technical requirements
Applying outlier detection in practice
Evaluating outlier detection with the Evaluate API
Hyperparameter tuning for outlier detection
Summary
14
Chapter 11: Classification Analysis
Chapter 11: Classification Analysis
Technical requirements
Classification: from data to a trained model
Taking your first steps with classification
Classification under the hood: gradient boosted decision trees
Hyperparameters
Interpreting results
Summary
Further reading
15
Chapter 12: Regression
Chapter 12: Regression
Technical requirements
Using regression analysis to predict house prices
Using decision trees for regression
Summary
Further reading
16
Chapter 13: Inference
Chapter 13: Inference
Technical requirements
Examining, exporting, and importing your trained models with the Trained Models API
Understanding inference processors and ingest pipelines
Importing external models into Elasticsearch using eland
Summary
17
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Leave a review - let other readers know what you think
Appendix: Anomaly Detection Tips
Appendix: Anomaly Detection Tips
Technical requirements
Understanding influencers in split versus non-split jobs
Using one-sided functions to your advantage
Ignoring time periods
Using custom rules and filters to your advantage
Anomaly detection job throughput considerations
Avoiding the over-engineering of a use case
Using anomaly detection on runtime fields
Summary
Why subscribe?

Avoiding the over-engineering of a use case

I once worked with a user where we discussed different use cases for anomaly detection. In particular, this customer was building a hosted security operations center as part of their managed security service provider (MSSP) business, so they were keen to think about use cases in which ML could help.

A high-level theme to their use cases was to look at a user's behavior and find unexpected behavior. One example that was discussed was login activity from unusual/rare locations such as Bob just logged in from Ukraine, but he doesn't normally log in from there.

In the process of thinking the implementation through, there was talk of them having multiple clients, each of which had multiple users. Therefore, they were thinking of ways to split/partition the data so that they could execute rare by country for each and every user of every client.

I asked them to take a step back and said, "Is it worthy of an anomaly if anyone...

Previous Section
End of Section
Next Section