Detect outliers in non-timeline-based data

Is it possible to detect outliers in non-timeline-based data with Elastic?

I have a data set with lots of fields, in which timestamps/timelines are not relevant.
The goal is to find field value patterns that do not match desired patterns. The desired patterns should be definable in a quick and easy way, then the machine learning would find outliers in the population. A further option would even be for the machine learning to find outliers / anomalies without the help of any predefined desired patterns.

And the reporting would then plot an outlier grid.

Regards.

Yes, as of v7.3 it is possible with an outlier_detection job. In v7.4, we have added a UI so that you don't need to create/run it via the API.

See https://www.elastic.co/guide/en/elastic-stack-overview/current/ecommerce-outliers.html for an example that uses the built-in demo data in Kibana.
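One way to drive such a job from the API, as an added example (not code from this thread or from Elastic): it picks the numeric fields out of an index mapping, since only numeric fields are analyzed, builds the body for `PUT _ml/data_frame/analytics/<job_id>`, and ranks the `ml.outlier_score` values the job writes to its destination index. The index, field names, and scores are constructed for the example.

```python
# Added example, not code from the thread or from Elastic; field names are constructed.
from typing import Dict, List, Tuple

# Elasticsearch numeric types: the only field types an outlier_detection job analyzes.
NUMERIC_TYPES = {"long", "integer", "short", "byte",
                 "double", "float", "half_float", "scaled_float"}


def numeric_fields(properties: Dict[str, dict], prefix: str = "") -> List[str]:
    """Walk a mapping's 'properties' and return dotted names of numeric fields;
    keyword, text, boolean and date fields are skipped because the job ignores them."""
    found: List[str] = []
    for name, spec in properties.items():
        path = prefix + name
        if "properties" in spec:  # object field: recurse into its sub-fields
            found.extend(numeric_fields(spec["properties"], path + "."))
        elif spec.get("type") in NUMERIC_TYPES:
            found.append(path)
    return sorted(found)


def outlier_job_body(source_index: str, dest_index: str, fields: List[str]) -> dict:
    """Request body for PUT _ml/data_frame/analytics/<job_id>; analyzed_fields pins
    the job to the numeric columns chosen above instead of everything in the index."""
    return {
        "source": {"index": source_index},
        "dest": {"index": dest_index},
        "analysis": {"outlier_detection": {}},
        "analyzed_fields": {"includes": fields},
    }


def rank_outliers(hits: List[dict], threshold: float) -> List[Tuple[str, float]]:
    """Documents in dest carry ml.outlier_score in [0, 1]; return (id, score) >= threshold."""
    scored = [(h["_id"], s) for h in hits
              if (s := h["_source"].get("ml", {}).get("outlier_score")) is not None
              and s >= threshold]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)  # highest first


# Constructed mapping of a user/asset attribute index (hypothetical field names).
SAMPLE_MAPPING = {
    "user": {"type": "keyword"},
    "os": {"properties": {"name": {"type": "keyword"}, "build": {"type": "integer"}}},
    "ram_gb": {"type": "float"},
    "last_login": {"type": "date"},
    "driver_count": {"type": "long"},
}
# Constructed search hits as the dest index returns them after the job has run.
SAMPLE_HITS = [
    {"_id": "u1", "_source": {"user": "alice", "ml": {"outlier_score": 0.12}}},
    {"_id": "u2", "_source": {"user": "bob", "ml": {"outlier_score": 0.91}}},
    {"_id": "u3", "_source": {"user": "carol", "ml": {"outlier_score": 0.77}}},
]
```

Send the body with `PUT`, then `POST _ml/data_frame/analytics/<job_id>/_start`, and search the destination index to feed `rank_outliers`.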

I see it's limited to numeric fields (in 7.4.0). Will non-numerics be supported in the future?

Perhaps it will be supported in the future - and if you could describe your use-case and requirements in more depth, that might help guide future development work! Like, for example, sample field values, examples of what you would consider an outlier value, etc. Thanks in advance!

We manage lots of assets (workstations, servers, peripherals), applications, servers, users, services, etc. All have a lot of attribute fields. Most of these fields are non-numeric.

The use case is to get outliers, e.g. from a user's point of view: users that do not have the correct authorizations to run a service, don't have correct workstation resources, registry settings, application/driver versions installed, etc. The expanded user attribute field list may contain a couple of hundred fields. The use case is to define/select a set of correct users with correct attribute field lists to run that service, then let the machine learning get the outliers.

Regards.
