Packt+ | Advance your knowledge in tech

You're reading from Learning Kibana 5.0

Product typeBook

Published inFeb 2017

Reading LevelBeginner

PublisherPackt

ISBN-139781786463005

Edition1st Edition

Languages

Java

Tools

Kibana Elasticsearch

Concepts

Data Visualization

Author (1)

Bahaaldine Azarmi

Chapter 8. Anomaly Detection in Kibana 5.0

In September 2016, Elastic announced the acquisition of Prelert, now called Machine Learning, a behavioral analytics company. Prelert combines an anomaly detection engine, Elasticsearch for storing the analysis, and Kibana for visualizing the analysis.

The anomaly detection engine brings unsupervised machine learning capabilities to the Elastic Stack so that Prelert is able to learn from the data as it ingests them, and can highlight events that deviate from expectations.

In this chapter we'll explore the following:

Applying the use case of Prelert to find a solution in anomaly detection
Using Prelert and Kibana for operational analytics
Leveraging Timelion, X-Pack alerting, and reporting features to visualize and be apprised of anomalies

Tip

As a disclaimer, the version of Prelert used in this chapter is an exclusive preview of what Prelert will look like in the upcoming GA version. It's not a public version. At the time of writing this chapter, the current...

Understanding the concept of anomaly detection

In this section, we'll try to summarize how Prelert solves the challenge of anomaly detection by first understanding why data visualization is a sufficient medium when it comes to pointing out an anomaly, and then we'll see why traditional alerting systems cannot be used at scale for anomaly detection.

Understanding human limits with regard to data visualization

Anomaly detection is the art of detecting things that shouldn't occur, or that differ from normal occurrences. Anomaly detection is the general name given to a statistical modeling technique used to identify unusual patterns in time-based events.

If we take the following dashboard, we can see different things happening:

IT ops dashboard with potential anomalies

In the preceding screenshot, we can see a significant drop in the first graph (point 1). This looks suspicious, and may indicate a problem. Now, compared with the rest of the charts alongside it, we see that the increases in points...

Using Prelert for operational analytics

In this section, we'll use what we learned in Chapter 5, Metric Analytics with Metricbeat and Kibana 5.0 and apply it to Prelert. The idea is to use Metricbeat to generate system data and analyze the CPU utilization, as well as to detect anomalies. We'll run Metricbeat on our machines; you can do the same on a different machine, if you have some on Amazon, for instance. Wherever you do it, we'll also run a stress tool to generate CPU utilization, just to facilitate the demo so that we are sure that we have the anomalies.

The first thing to do is download Metricbeat, install it, and import Kibana dashboards, as shown in Chapter 5, Metric Analytics with Metricbeat and Kibana 5.0; refer to this chapter for more details. Once installed, run Metricbeat and start generating data.

Setting up Prelert

At the time of writing, only four weeks have passed since Prelert was acquired by Elastic, which means that the integration of Prelert in Elastic Stack is still...

Combining Prelert, alerting, and Timelion

Prelert detects anomalies in data indexed in Elasticsearch, stores its results in Elasticsearch, but also provides out of the box dashboards to explore and understand anomalies. The Elastic stack provides a holistic platform for data analysis, in which we can just pick products to extend our anomaly detection experience. X-Pack alerting is the first choice as it could consume Prelert results to trigger relevant and accurate alerts. Timelion is also a fantastic choice to correlate the anomaly detection result to source data by using the statistics functions and customization features that it offers.

As said earlier, Prelert exposes a REST API that allows you to manage a job and get the result of the analysis.

Job details and endpoints

The preceding image details an Endpoint links section in which the REST APIs that we are going to use for alerting are listed. All APIs are documented at http://www.prelert.com/docs/products/latest/engine_api_reference...

Summary

In this chapter, we have seen why traditional approaches to anomy detection quickly converge to their limit, whether from a human point of view (because of the amount of information to digest); or from the technical point of view where traditional statistical methodologies generate false positives or true negatives. Then we leverage the dataset and use cases build in the previous chapter to illustrate how Kibana can be used for anomaly detection based on the unsupervised machine learning feature that Machine Learning brings to the Elastic Stack.

In the next and final chapters, we'll tackle the subject of Kibana custom plugin creation by first setting up the development environment and then implementing the plugin.

The rest of the chapter is locked

You have been reading a chapter from

Learning Kibana 5.0

Published in: Feb 2017Publisher: PacktISBN-13: 9781786463005

A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.

undefined

Unlock this book and the full library FREE for 7 days

Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of

Start free trial

Renews at $15.99/month. Cancel anytime

Author (1)

Bahaaldine Azarmi

Bahaaldine Azarmi, Global VP Customer Engineering at Elastic, guides companies as they leverage data architecture, distributed systems, machine learning, and generative AI. He leads the customer engineering team, focusing on cloud consumption, and is passionate about sharing knowledge to build and inspire a community skilled in AI.
Read more about Bahaaldine Azarmi

Other recommended products

Related to this chapter

Learning Kibana 7

This book will introduce you to Kibana 7, and will show you how it fits into the Elastic stack. You will build a pure metric analytics architecture and visualize it using Timelion. You will also learn how to build relationships between documents using Graph visualization. You will also learn to build powerful Elastic dashboards using Kibana.

BookJul 2019280 pages

Mastering Kibana 6.x

Mastering Kibana 6.x provides a rundown explanation required for data visualization and analysis such as X-Pack features, Beats, and machine learning. You will be expert in creating analytics-driven visualizations from a web application. You will be a maestro in creating custom monitoring dashboard using Beats with various examples

BookJul 2018376 pages

Kibana 7 Quick Start Guide

Kibana is the visualization tool of the Elastic Stack, used for visualizing the results of the queries as well the dashboards generated out of the Elasticsearch and Logstash components. This book contains core concepts of Kibana with a straightforward form of chapters so that reader can move forward in a step by step manner.

BookJan 2019172 pages

Machine Learning with the Elastic Stack

Elastic has announced the integration of Prelert machine learning technology within its ecosystem allowing real-time generation of business insights from the Elasticsearch data without it leaving the cluster at all. This book will demonstrate these unique features and teach you to perform machine learning on the Elastic Stack without any hassle.

BookJan 2019304 pages

Learning Elasticsearch

Elasticsearch is a Lucene-based search and analytics engine for distributed search and analytics. This book will be your hands-on guide as you explore and put to use the features of Elasticsearch 5.x.

BookJun 2017404 pages

Learning Elastic Stack 6.0

This book will give you a fundamental understanding of what the stack is all about, and how to use it efficiently to build powerful real-time data processing applications. It provide in-depth coverage of the different components of the Elastic Stack, and how to use them all together.

BookDec 2017434 pages

Learning Elastic Stack 7.0

This book teaches you about every component of the Elastic Stack - including Elasticsearch, Kibana, Logstash, and X-pack - with new and the updated features that are released with the 7.0 version. With the help of this book, you will be able to develop enterprise-grade distributed search and analytics applications for your data without any hassle.

BookMay 2019474 pages

Mastering Elastic Stack

BookFeb 2017526 pages

Mastering Elasticsearch 5.x

This book will help you leverage Elasticsearch, guiding you through everything from writing and creating customized plugins to extend Elasticsearch to tackling challenges while handling relational data in Elasticsearch. You’ll learn with the help of practical examples in a step-by-step way.

BookFeb 2017428 pages

Elasticsearch 5.x Cookbook

BookFeb 2017696 pages

Machine Learning with the Elastic Stack

Machine Learning with the Elastic Stack, Second Edition, provides a comprehensive overview of Elastic Stack's machine learning features for both time series data analysis as well as for supervised learning and unsupervised learning that helps make machine learning truly operational for you.

BookMay 2021450 pages

Personalised recommendations for you

Based on your interests and search pattern

Et al.

Ever wonder why speech recognition systems don't understand the Scottish accent, or what would happen if an astronaut only ate mac 'n' cheese, or other spurious reflections you'd have at a bar? We did, then collated those deliberations into absurd research articles with fake figures and methodologies inspired by even more fictionally absurd studies.

BookAug 2023230 pages5

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages4

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages1

Generative AI with LangChain

This book is a comprehensive introduction to LLMs and LangChain, demystifying the basic mechanics of LangChain, its functionalities, and the myriad of applications it can be integrated into.

BookDec 2023360 pages5

Mastering Tableau 2023

This book is a comprehensive resource to mastering your Tableau skills and becoming a BI expert. As you progress, you will learn how to build advanced dashboards and improve your storytelling to derive key business insight, as well as make you well-versed with advanced functionalities of Tableau in the business intelligence domain.

BookAug 2023684 pages

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages5

Building AI Applications with ChatGPT APIs

This guide covers all ChatGPT API features for effortless creation of robust AI powered apps. With its help, you’ll be able to leverage ChatGPT’s cutting-edge NLP models to take your app development skills to the next level. You’ll also work on ten exciting projects that will give you the practical know-how that you can apply to your existing applications.

BookSep 2023258 pages2

Data Engineering with AWS

Embark on a journey to master data engineering pipelines on AWS! Our book offers a hands-on experience of AWS services for ingesting, transforming, and consuming data. Whether you're an absolute beginner or someone with basic data engineering experience, this guide is an indispensable resource.

BookOct 2023636 pages5

Modern Data Architecture on AWS

Every organization wants an agile, performant, and cost-effective data platform that meets all their current and future business needs. Purpose-built AWS analytics services and their features play a big part in building such a modern data platform. This book brings to you all the design and architectural patterns that’ll help you achieve this goal.

BookAug 2023420 pages5

Practical Guide to Applied Conformal Prediction in Python

Discover the power of Conformal Prediction with the "Practical Guide to Applied Conformal Prediction in Python." Master the latest techniques to quantify uncertainty in machine learning and computer vision models, and seamlessly apply them to your industry applications.

BookDec 2023240 pages

TinyML Cookbook

With over 70 project-based recipes, the TinyML Cookbook is a practical guide that will help you to get the most out of your microcontrollers. It provides a comprehensive understanding of the theoretical foundations while giving you hands-on experience training ML models for deployment on Arduino Nano 33 BLE Sense, Raspberry Pi Pico, and SparkFun RedBoard Artemis Nano microcontrollers.

BookNov 2023664 pages