Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Machine Learning with the Elastic Stack
  • Toc
  • feedback
Machine Learning with the Elastic Stack

Machine Learning with the Elastic Stack

By : Rich Collier, Camilla Montonen, Bahaaldine Azarmi
5 (9)
close
Machine Learning with the Elastic Stack

Machine Learning with the Elastic Stack

5 (9)
By: Rich Collier, Camilla Montonen, Bahaaldine Azarmi

Overview of this book

Elastic Stack, previously known as the ELK stack, is a log analysis solution that helps users ingest, process, and analyze search data effectively. With the addition of machine learning, a key commercial feature, the Elastic Stack makes this process even more efficient. This updated second edition of Machine Learning with the Elastic Stack provides a comprehensive overview of Elastic Stack's machine learning features for both time series data analysis as well as for classification, regression, and outlier detection. The book starts by explaining machine learning concepts in an intuitive way. You'll then perform time series analysis on different types of data, such as log files, network flows, application metrics, and financial data. As you progress through the chapters, you'll deploy machine learning within Elastic Stack for logging, security, and metrics. Finally, you'll discover how data frame analysis opens up a whole new set of use cases that machine learning can help you with. By the end of this Elastic Stack book, you'll have hands-on machine learning and Elastic Stack experience, along with the knowledge you need to incorporate machine learning in your distributed search and data analysis platform.
Table of Contents (19 chapters)
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1 – Getting Started with Machine Learning with Elastic Stack
Section 1 – Getting Started with Machine Learning with Elastic Stack
Free Chapter
2
Chapter 1: Machine Learning for IT
Chapter 1: Machine Learning for IT
Overcoming the historical challenges in IT
Dealing with the plethora of data
The advent of automated anomaly detection
Unsupervised versus supervised ML
Using unsupervised ML for anomaly detection
Applying supervised ML to data frame analytics
Summary
3
Chapter 2: Enabling and Operationalization
Chapter 2: Enabling and Operationalization
Technical requirements
Enabling Elastic ML features
Understanding operationalization
Summary
4
Section 2 – Time Series Analysis – Anomaly Detection and Forecasting
Section 2 – Time Series Analysis – Anomaly Detection and Forecasting
5
Chapter 3: Anomaly Detection
Chapter 3: Anomaly Detection
Technical requirements
Elastic ML job types
Dissecting the detector
Detecting changes in metric values
Understanding the advanced detector functions
Splitting analysis along categorical features
Understanding temporal versus population analysis
Categorization analysis of unstructured messages
Managing Elastic ML via the API
Summary
6
Chapter 4: Forecasting
Chapter 4: Forecasting
Technical requirements
Contrasting forecasting with prophesying
Forecasting use cases
Forecasting theory of operation
Single time series forecasting
Looking at forecast results
Multiple time series forecasting
Summary
7
Chapter 5: Interpreting Results
Chapter 5: Interpreting Results
Technical requirements
Viewing the Elastic ML results index
Anomaly scores
Results index schema details
Multi-bucket anomalies
Forecast results
Results API
Custom dashboards and Canvas workpads
Summary
8
Chapter 6: Alerting on ML Analysis
chevron up
Chapter 6: Alerting on ML Analysis
Technical requirements
Understanding alerting concepts
Building alerts from the ML UI
Creating an alert with a watch
Summary
9
Chapter 7: AIOps and Root Cause Analysis
Chapter 7: AIOps and Root Cause Analysis
Technical requirements
Demystifying the term ''AIOps''
Understanding the importance and limitations of KPIs
Moving beyond KPIs
Organizing data for better analysis
Leveraging the contextual information
Bringing it all together for RCA
Summary
10
Chapter 8: Anomaly Detection in Other Elastic Stack Apps
Chapter 8: Anomaly Detection in Other Elastic Stack Apps
Technical requirements
Anomaly detection in Elastic APM
Anomaly detection in the Logs app
Anomaly detection in the Uptime app
Anomaly detection in the Elastic Security app
Summary
11
Section 3 – Data Frame Analysis
Section 3 – Data Frame Analysis
12
Chapter 9: Introducing Data Frame Analytics
Chapter 9: Introducing Data Frame Analytics
Technical requirements
Learning how to use transforms
Using Painless for advanced transform configurations
Working with Python and Elasticsearch
Summary
Further reading
13
Chapter 10: Outlier Detection
Chapter 10: Outlier Detection
Technical requirements
Applying outlier detection in practice
Evaluating outlier detection with the Evaluate API
Hyperparameter tuning for outlier detection
Summary
14
Chapter 11: Classification Analysis
Chapter 11: Classification Analysis
Technical requirements
Classification: from data to a trained model
Taking your first steps with classification
Classification under the hood: gradient boosted decision trees
Hyperparameters
Interpreting results
Summary
Further reading
15
Chapter 12: Regression
Chapter 12: Regression
Technical requirements
Using regression analysis to predict house prices
Using decision trees for regression
Summary
Further reading
16
Chapter 13: Inference
Chapter 13: Inference
Technical requirements
Examining, exporting, and importing your trained models with the Trained Models API
Understanding inference processors and ingest pipelines
Importing external models into Elasticsearch using eland
Summary
17
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Leave a review - let other readers know what you think
Appendix: Anomaly Detection Tips
Appendix: Anomaly Detection Tips
Technical requirements
Understanding influencers in split versus non-split jobs
Using one-sided functions to your advantage
Ignoring time periods
Using custom rules and filters to your advantage
Anomaly detection job throughput considerations
Avoiding the over-engineering of a use case
Using anomaly detection on runtime fields
Summary
Why subscribe?

Building alerts from the ML UI

With the release of v7.12, Elastic ML changed its default alert handler from Watcher to Kibana alerting. Prior to v7.12, the user had a choice of accepting a default watch (an instance of a script for Watcher) if alerting was selected from the ML UI, or the user could create a watch from scratch. This section will focus on the new workflow using Kibana alerting as of v7.12, which offers a nice balance of flexibility and ease of use.

To create a working, illustrative example of real-time alerting, we will contrive a scenario using the Kibana sample web logs dataset that we first used in Chapter 3, Anomaly Detection.

The process outlined in this section will be as follows:

  1. Define some sample anomaly detection jobs on the sample data.
  2. Define two alerts on two of the anomaly detection jobs.
  3. Run a simulation of anomalous behavior, to catch that behavior in an alert.

Let's first define the sample anomaly detection jobs.

...
End of Section 4
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete