ELastic ML jobs

vee · November 1, 2023, 4:43pm

I've been researching around the different types of ML anamoly detection jobs in Elasticsearch. Would like to get a second opinion as to what might be the best bet for a particular use case am working on:

100's of hosts - host is a keyword field
Each host has tens of services running on them - service name is a keyword field
Each service logs the service response times in elasticsearch - responseTime is a 'numeric value'

I'm trying to create a job that would model the average response times of each service on a given host and alert if it's trending higher than the median value of the same metric compared to historical occurences.

I don't see an option of creating this in multi-metric as they all have "distinct count" of the hostname/services - which does not help.

Thanks!

Sunile_Manjee · November 2, 2023, 3:50am

If you want to compute average response times of each service on a given host - use transform

And then the median value of the same metric compared to historical occurrences. Create an anomaly detection job using the avg field from the transform output.

Topic		Replies	Views
Log stoppage alert using Machine learning in ELK 7.12 Elasticsearch elastic-stack-machine-learning	6	835	July 20, 2021
Creating job: anomaly in the event rate of beats Elasticsearch elastic-stack-machine-learning	2	608	February 19, 2021
ML anomaly detection question Kibana elastic-stack-machine-learning	8	708	February 11, 2020
How to aggregate multiple events coming from different logs with slight different timestamp, when the only field is timestamp to combine those? Logstash elastic-stack-machine-learning	11	2284	December 3, 2021
How do I find these anomalies? Elasticsearch elastic-stack-machine-learning	8	2495	November 1, 2017

ELastic ML jobs

Related topics