Last updated: 2021-07-02 13:48:46
Cover Page
Title Page
Copyright and Credits
Machine Learning with the Elastic Stack
Dedication
About Packt
Why subscribe?
Packt.com
Contributors
About the authors
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the example code files
Download the color images
Conventions used
Get in touch
Reviews
Machine Learning for IT
Overcoming the historical challenges
The plethora of data
The advent of automated anomaly detection
Theory of operation
Defining unusual
Learning normal unsupervised
Probability models
Learning the models
De-trending
Scoring of unusualness
Operationalization
Jobs
ML nodes
Bucketization
The datafeed
Supporting indices
.ml-state
.ml-notifications
.ml-anomalies-*
The orchestration
Summary
Installing the Elastic Stack with Machine Learning
Installing the Elastic Stack
Downloading the software
Installing Elasticsearch
Installing Kibana
Enabling Platinum features
A guided tour of Elastic ML features
Getting data for analysis
ML job types in Kibana
Data Visualizer
The Single metric job
Multi-metric job
Population job
Advanced job
Controlling ML via the API
Event Change Detection
How to understand the normal rate of occurrence
Exploring count functions
Summarized counts
Splitting the counts
Other counting functions
Non-zero count
Distinct count
Counting in population analysis
Detecting things that rarely occur
Counting message-based logs via categorization
Types of messages that can be categorized by ML
The categorization process
Counting the categories
Putting it all together
When not to use categorization
IT Operational Analytics and Root Cause Analysis
Holistic application visibility
The importance and limitations of KPIs
Beyond the KPIs
Data organization
Effective data segmentation
Custom queries for ML jobs
Data enrichment on ingest
Leveraging the contextual information
Analysis splits
Statistical influencers
Bringing it all together for root cause analysis
Outage background
Visual correlation and shared influencers
Security Analytics with Elastic Machine Learning
Security in the field
The volume and variety of data
The geometry of an attack
Threat hunting architecture
Layer-based ingestion
Threat intelligence
Investigation analytics
Assessment of compromise