Grouping of alerts from different sources using machine learning

Hi all,

Can Elasticsearch alone, or with other tools in the Elastic ecosystem, intelligently group alerts from multiple sources based on some criteria using machine learning?

As an example, consider a scenario where a database is hosted on a Windows host which is utilizing underlying low-latency and high-throughput storage. The database, Windows host and storage are monitored independently and events are sent to Elasticsearch. Any issue in storage will impact storage performance, which will in turn impact both Windows host and database query execution performance. Due to this, alerts for all three sources will be received in Elasticsearch. The requirement is to intelligently group all three alerts into a single consolidated alert based on criteria like grouping all alerts received in a 10 min interval.

Grouping all alerts in a defined interval might be one such criterion. Other examples might be grouping on the basis of originating host, grouping on the basis of similarity in description, or grouping on the basis of severity.

Please suggest.

Regards,
Amit Saxena
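The correlation the post asks for can be prototyped without machine learning: sort alerts by time and fold each one into the earliest open group whose first alert is within the interval and satisfies a matching rule (same host, same severity, or similar description). The following is an added example, not code from the post and not an Elastic feature; the `Alert` fields, the three matching rules, the 0.5 Jaccard threshold and the sample alerts are constructed for illustration.

```python
"""Time-window correlation of alerts from independent monitoring sources.

Added example: consolidates alerts that arrive within a fixed interval and
satisfy a matching rule into one grouped alert.  Alert records, rules and the
similarity threshold are constructed for illustration.
"""
import re
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Callable, List

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}


@dataclass(frozen=True)
class Alert:
    source: str        # monitoring system that raised the alert (constructed)
    host: str          # host the alert is attributed to
    severity: str
    description: str
    timestamp: datetime


@dataclass
class ConsolidatedAlert:
    alerts: List[Alert] = field(default_factory=list)

    @property
    def start(self) -> datetime:
        return self.alerts[0].timestamp

    @property
    def duration(self) -> timedelta:
        return self.alerts[-1].timestamp - self.start

    @property
    def sources(self) -> List[str]:
        return sorted({a.source for a in self.alerts})

    @property
    def hosts(self) -> set:
        return {a.host for a in self.alerts}

    @property
    def max_severity(self) -> str:
        return max(self.alerts, key=lambda a: SEVERITY_RANK.get(a.severity, 0)).severity


# Matching rules decide whether a new alert belongs with a group's first alert.
MatchRule = Callable[[Alert, Alert], bool]


def same_host(a: Alert, b: Alert) -> bool:
    return a.host == b.host


def same_severity(a: Alert, b: Alert) -> bool:
    return a.severity == b.severity


def _tokens(text: str) -> set:
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def similar_description(a: Alert, b: Alert, threshold: float = 0.5) -> bool:
    """Jaccard similarity of description tokens; the threshold is a constructed choice."""
    ta, tb = _tokens(a.description), _tokens(b.description)
    if not ta or not tb:
        return False
    return len(ta & tb) / len(ta | tb) >= threshold


def group_alerts(alerts, window=timedelta(minutes=10), match: MatchRule = same_host):
    """Process alerts in timestamp order.  An alert joins the earliest open group
    whose first alert is within `window` and accepted by `match`; otherwise it
    opens a new group.  The window is anchored at each group's first alert."""
    groups: List[ConsolidatedAlert] = []
    for alert in sorted(alerts, key=lambda a: a.timestamp):
        for g in groups:
            if alert.timestamp - g.start <= window and match(alert, g.alerts[0]):
                g.alerts.append(alert)
                break
        else:
            groups.append(ConsolidatedAlert([alert]))
    return groups


T0 = datetime(2024, 1, 1, 10, 0)   # constructed base time

# Constructed sample: a storage latency problem on the LUN behind db-win-01
# cascades into a Windows disk-queue alert and a database slow-query alert.
SAMPLE_ALERTS = [
    Alert("storage",  "db-win-01", "high",   "Latency on LUN 12 exceeded 30 ms", T0),
    Alert("windows",  "db-win-01", "medium", "Disk queue length high on D:",     T0 + timedelta(minutes=3)),
    Alert("windows",  "web-01",    "low",    "Disk queue length high on C:",     T0 + timedelta(minutes=4)),
    Alert("database", "db-win-01", "high",   "Slow query: average execution time above threshold", T0 + timedelta(minutes=6)),
    Alert("database", "db-win-01", "medium", "Slow query: average execution time above threshold", T0 + timedelta(minutes=25)),
]

if __name__ == "__main__":
    for name, rule in [("host", same_host), ("severity", same_severity), ("description", similar_description)]:
        print(f"-- grouped by {name}")
        for g in group_alerts(SAMPLE_ALERTS, match=rule):
            print(f"{g.start:%H:%M} +{int(g.duration.total_seconds() // 60)}m "
                  f"{g.max_severity:<6} {','.join(g.sources)} {sorted(g.hosts)}")
```

Grouping by host folds the storage, Windows and database alerts on `db-win-01` into one consolidated alert carrying the highest severity, while the database alert at 10:25 opens a new group because it falls outside the 10 minute window. Grouping by description instead joins the two disk-queue alerts from different hosts. Anchoring the window at the group's first alert keeps a slow trickle of related alerts from extending a group indefinitely; a sliding window anchored at the latest alert is the other common choice.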
