Good Morning,
Ran into a weird use case and wondering if anyone has suggestions. We have a couple thousand endpoints sending winlogbeats to our cluster, and we are trying to provide some kind of visibility into uptime or percentage of hosts reporting in. I am wondering if this is something we can set up in machine learning.
Wondering if you guys have any thoughts or suggestions on the matter.
Thanks,
Alex
Using ML you could create a job which looks at time of day or time of week anomalies split over the hosts. This way if a hosts is active on a anomalous time you will know.
A second detector could be count of events split on hosts as well as the same but to the population.
Another option you have is to switch to fleet, which will show you what agents are online/offline.
sure an ML job that queries the metricbeat index and does a low_count partitioned (split) on hostname should do the trick. If the volume of documents ingested by any beat suddenly drops, it will be flagged as anomalous and you can optionally alert upon that.
But, I will say that you probably can build a Watch (similar to what's discussed here) to accomplish it without the need for ML.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.