ELastic ML jobs

vee · November 1, 2023, 4:43pm

I've been researching around the different types of ML anamoly detection jobs in Elasticsearch. Would like to get a second opinion as to what might be the best bet for a particular use case am working on:

100's of hosts - host is a keyword field
Each host has tens of services running on them - service name is a keyword field
Each service logs the service response times in elasticsearch - responseTime is a 'numeric value'

I'm trying to create a job that would model the average response times of each service on a given host and alert if it's trending higher than the median value of the same metric compared to historical occurences.

I don't see an option of creating this in multi-metric as they all have "distinct count" of the hostname/services - which does not help.

Thanks!

Sunile_Manjee · November 2, 2023, 3:50am

If you want to compute average response times of each service on a given host - use transform

And then the median value of the same metric compared to historical occurrences. Create an anomaly detection job using the avg field from the transform output.

system · November 30, 2023, 3:51am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.