Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Machine Learning with the Elastic Stack
  • Toc
  • feedback
Machine Learning with the Elastic Stack

Machine Learning with the Elastic Stack

By : Rich Collier, Camilla Montonen, Bahaaldine Azarmi
5 (9)
close
Machine Learning with the Elastic Stack

Machine Learning with the Elastic Stack

5 (9)
By: Rich Collier, Camilla Montonen, Bahaaldine Azarmi

Overview of this book

Elastic Stack, previously known as the ELK stack, is a log analysis solution that helps users ingest, process, and analyze search data effectively. With the addition of machine learning, a key commercial feature, the Elastic Stack makes this process even more efficient. This updated second edition of Machine Learning with the Elastic Stack provides a comprehensive overview of Elastic Stack's machine learning features for both time series data analysis as well as for classification, regression, and outlier detection. The book starts by explaining machine learning concepts in an intuitive way. You'll then perform time series analysis on different types of data, such as log files, network flows, application metrics, and financial data. As you progress through the chapters, you'll deploy machine learning within Elastic Stack for logging, security, and metrics. Finally, you'll discover how data frame analysis opens up a whole new set of use cases that machine learning can help you with. By the end of this Elastic Stack book, you'll have hands-on machine learning and Elastic Stack experience, along with the knowledge you need to incorporate machine learning in your distributed search and data analysis platform.
Table of Contents (19 chapters)
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1 – Getting Started with Machine Learning with Elastic Stack
Section 1 – Getting Started with Machine Learning with Elastic Stack
Free Chapter
2
Chapter 1: Machine Learning for IT
Chapter 1: Machine Learning for IT
Overcoming the historical challenges in IT
Dealing with the plethora of data
The advent of automated anomaly detection
Unsupervised versus supervised ML
Using unsupervised ML for anomaly detection
Applying supervised ML to data frame analytics
Summary
3
Chapter 2: Enabling and Operationalization
Chapter 2: Enabling and Operationalization
Technical requirements
Enabling Elastic ML features
Understanding operationalization
Summary
4
Section 2 – Time Series Analysis – Anomaly Detection and Forecasting
Section 2 – Time Series Analysis – Anomaly Detection and Forecasting
5
Chapter 3: Anomaly Detection
Chapter 3: Anomaly Detection
Technical requirements
Elastic ML job types
Dissecting the detector
Detecting changes in metric values
Understanding the advanced detector functions
Splitting analysis along categorical features
Understanding temporal versus population analysis
Categorization analysis of unstructured messages
Managing Elastic ML via the API
Summary
6
Chapter 4: Forecasting
Chapter 4: Forecasting
Technical requirements
Contrasting forecasting with prophesying
Forecasting use cases
Forecasting theory of operation
Single time series forecasting
Looking at forecast results
Multiple time series forecasting
Summary
7
Chapter 5: Interpreting Results
Chapter 5: Interpreting Results
Technical requirements
Viewing the Elastic ML results index
Anomaly scores
Results index schema details
Multi-bucket anomalies
Forecast results
Results API
Custom dashboards and Canvas workpads
Summary
8
Chapter 6: Alerting on ML Analysis
Chapter 6: Alerting on ML Analysis
Technical requirements
Understanding alerting concepts
Building alerts from the ML UI
Creating an alert with a watch
Summary
9
Chapter 7: AIOps and Root Cause Analysis
Chapter 7: AIOps and Root Cause Analysis
Technical requirements
Demystifying the term ''AIOps''
Understanding the importance and limitations of KPIs
Moving beyond KPIs
Organizing data for better analysis
Leveraging the contextual information
Bringing it all together for RCA
Summary
10
Chapter 8: Anomaly Detection in Other Elastic Stack Apps
Chapter 8: Anomaly Detection in Other Elastic Stack Apps
Technical requirements
Anomaly detection in Elastic APM
Anomaly detection in the Logs app
Anomaly detection in the Uptime app
Anomaly detection in the Elastic Security app
Summary
11
Section 3 – Data Frame Analysis
Section 3 – Data Frame Analysis
12
Chapter 9: Introducing Data Frame Analytics
Chapter 9: Introducing Data Frame Analytics
Technical requirements
Learning how to use transforms
Using Painless for advanced transform configurations
Working with Python and Elasticsearch
Summary
Further reading
13
Chapter 10: Outlier Detection
Chapter 10: Outlier Detection
Technical requirements
Applying outlier detection in practice
Evaluating outlier detection with the Evaluate API
Hyperparameter tuning for outlier detection
Summary
14
Chapter 11: Classification Analysis
Chapter 11: Classification Analysis
Technical requirements
Classification: from data to a trained model
Taking your first steps with classification
Classification under the hood: gradient boosted decision trees
Hyperparameters
Interpreting results
Summary
Further reading
15
Chapter 12: Regression
Chapter 12: Regression
Technical requirements
Using regression analysis to predict house prices
Using decision trees for regression
Summary
Further reading
16
Chapter 13: Inference
Chapter 13: Inference
Technical requirements
Examining, exporting, and importing your trained models with the Trained Models API
Understanding inference processors and ingest pipelines
Importing external models into Elasticsearch using eland
Summary
17
Other Books You May Enjoy
Other Books You May Enjoy
Packt is searching for authors like you
Leave a review - let other readers know what you think
Appendix: Anomaly Detection Tips
chevron up
Appendix: Anomaly Detection Tips
Technical requirements
Understanding influencers in split versus non-split jobs
Using one-sided functions to your advantage
Ignoring time periods
Using custom rules and filters to your advantage
Anomaly detection job throughput considerations
Avoiding the over-engineering of a use case
Using anomaly detection on runtime fields
Summary
Why subscribe?

Using one-sided functions to your advantage

Many people realize the usefulness of one-sided functions in ML, such as low_count and high_mean, to allow for the detection of anomalies only on the high side or on the low side. This is useful when you only care about a drop in revenue or a spike in response time.

However, when you care about deviations in both directions, you are often inclined to use just the regular function (such as count or mean). However, on some datasets, it is more optimal to use both the high and low versions of the function as two separate detectors. Why is this the case and under what conditions, you might ask?

The condition where this makes sense is when the dynamic range of the possible deviations is asymmetrical. In other words, the magnitude of potential spikes in the data is far, far bigger than the magnitude of the potential drops, possibly because the count or sum of something cannot be less than zero. Let's look at the following screenshot...

End of Section
Next Section
bookmark search playlist font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete