ELastic ML jobs

vee · November 1, 2023, 4:43pm

I've been researching around the different types of ML anamoly detection jobs in Elasticsearch. Would like to get a second opinion as to what might be the best bet for a particular use case am working on:

100's of hosts - host is a keyword field
Each host has tens of services running on them - service name is a keyword field
Each service logs the service response times in elasticsearch - responseTime is a 'numeric value'

I'm trying to create a job that would model the average response times of each service on a given host and alert if it's trending higher than the median value of the same metric compared to historical occurences.

I don't see an option of creating this in multi-metric as they all have "distinct count" of the hostname/services - which does not help.

Thanks!

Sunile_Manjee · November 2, 2023, 3:50am

If you want to compute average response times of each service on a given host - use transform

And then the median value of the same metric compared to historical occurrences. Create an anomaly detection job using the avg field from the transform output.

system · November 30, 2023, 3:51am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
ML anomaly detection question Kibana elastic-stack-machine-learning	8	621	February 11, 2020
Log stoppage alert using Machine learning in ELK 7.12 Elasticsearch elastic-stack-machine-learning	6	786	July 20, 2021
ML calculates wrong averages on pre-aggregated data Elasticsearch	8	1217	November 21, 2017
Can we use "sub-partitioning" in ML? Elasticsearch elastic-stack-machine-learning	6	1302	October 5, 2017
If an ML job doesnt find anomalies it will not display anything in the anomaly explorer an in single metric viewer? Elasticsearch elastic-stack-machine-learning	3	400	May 27, 2021

ELastic ML jobs

Related topics