You're reading from Machine Learning with the Elastic Stack Gain valuable insights from your data with Elastic Stack's machine learning features

Product type Paperback

Published in May 2021

Publisher Packt

ISBN-13 9781801070034

Length 450 pages

Edition 2nd Edition

Languages

Python

Tools

Elasticsearch

Concepts

Machine Learning

Authors (3):

Camilla Montonen

Rich Collier

Bahaaldine Azarmi

View More author details

Table of Contents (19) Chapters

Preface

1. Section 1 – Getting Started with Machine Learning with Elastic Stack

2. Chapter 1: Machine Learning for IT FREE CHAPTER

3. Chapter 2: Enabling and Operationalization

4. Section 2 – Time Series Analysis – Anomaly Detection and Forecasting

5. Chapter 3: Anomaly Detection

6. Chapter 4: Forecasting

7. Chapter 5: Interpreting Results

8. Chapter 6: Alerting on ML Analysis

9. Chapter 7: AIOps and Root Cause Analysis

10. Chapter 8: Anomaly Detection in Other Elastic Stack Apps

11. Section 3 – Data Frame Analysis

12. Chapter 9: Introducing Data Frame Analytics

13. Chapter 10: Outlier Detection

14. Chapter 11: Classification Analysis

15. Chapter 12: Regression

16. Chapter 13: Inference

17. Other Books You May Enjoy

Appendix: Anomaly Detection Tips

Anomaly detection in the Logs app

The Logs app inside of the Observability section of Kibana offers a similar view of your data as the Discover app. However, the users who appreciate more of a live tail view of their logs, regardless of the index the data is stored, will love the Logs app:

Figure 8.16 – The Logs app, part of the Observability section of Kibana

Notice that there is both an Anomalies tab and a Categories tab. Let's first discuss the Categories section.

Log categories

Elastic ML's categorization capabilities, first shown back in Chapter 3, Anomaly Detection, are applied in a generic way to any index of unstructured log data. Within the Logs app, however, categorization is employed with some more strict constraints on the data. In short, the data is expected to be in Elastic Common Schema (ECS) with certain fields defined (especially a field called event.dataset).

Note

The logs dataset from Chapter 7, AIOps and Root...