Updated at: 2022-12-09 03:49:50
The machine learning module provides intelligent data analysis. It currently supports three types of algorithms for different usage scenarios: single/multi-dimension anomaly detection, time-series forecast, and root cause analytics.
► Single/multi-dimension anomaly detection: Identifies significant differences between data sets and other data objects. Depending on the dimensions of the detected data, anomaly detection is divided into single-dimension and multi-dimension anomaly detection:
• Single-dimension anomaly: Detects data with a single impact dimension, for example request data and response data that do not depend on other variables and have an independent statistical dimension;
• Multi-dimension anomaly: Detects data with multiple impact dimensions, for example server monitoring information that contains both CPU and memory dimensions.
► Time-series forecast: Predicts the future trend from existing historical data. For example, the power consumption of cabinets and racks with stable services can be predicted from historical data to help data centers reduce resource consumption and save costs;
► Root cause analytics: Analyzes the root cause of a problem, as a method of analyzing and solving it. For example, after anomalies are detected or found, root cause analytics can be used to find the root cause or main cause of the problem among numerous possible impact factors (a, b, c, d, e, f, g ...). It helps customers investigate rapidly and find hidden impact factors that traditional operation methods cannot find.
During data preview, the number of field aggregations may exceed the bucket capacity, which can cause index fetching to fail. Try the following to solve the problem:
• Narrow the time range;
• Reduce the number of aggregation fields (levels);
• Enlarge the @timestamp aggregation time interval;
• Increase the number of aggregation buckets for the cluster. The maximum allowable number of aggregation fields defaults to 65536 for a single bucket. With this approach, do not add too many buckets, to avoid degrading performance.
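
The following sizing sketch is an added example, not code from the product. It shows why the first three remedies work by estimating a worst-case bucket count before running a preview. It assumes that each @timestamp interval can contain every combination of the aggregated field values, and it treats the 65536 default quoted above as the ceiling; the interval list and field cardinalities are constructed values.

```python
import math
from datetime import timedelta

BUCKET_LIMIT = 65536  # default quoted on this page

# Candidate @timestamp aggregation intervals (constructed list, not product settings).
INTERVALS = [timedelta(minutes=1), timedelta(minutes=5), timedelta(minutes=15),
             timedelta(hours=1), timedelta(hours=6), timedelta(days=1)]


def estimate_buckets(time_range, interval, field_cardinalities):
    """Worst-case estimate (assumption): time slices x every combination of field values."""
    slices = math.ceil(time_range / interval)
    return slices * math.prod(field_cardinalities)


def smallest_fitting_interval(time_range, field_cardinalities, limit=BUCKET_LIMIT):
    """Return the finest candidate interval whose estimate stays within the limit."""
    for interval in INTERVALS:
        if estimate_buckets(time_range, interval, field_cardinalities) <= limit:
            return interval
    return None  # nothing fits: narrow the time range or drop an aggregation level


if __name__ == "__main__":
    # Constructed scenario: 7 days of data aggregated by host (200 distinct
    # values) and status code (12 distinct values).
    week = timedelta(days=7)
    cards = [200, 12]
    for iv in INTERVALS:
        n = estimate_buckets(week, iv, cards)
        verdict = "ok" if n <= BUCKET_LIMIT else "over limit"
        print(f"{str(iv):>16}  {n:>12,}  {verdict}")
    # Each remedy from the list above, applied on its own:
    print("enlarge the interval      ->", smallest_fitting_interval(week, cards))
    print("drop one aggregation level ->", smallest_fitting_interval(week, [200]))
    print("narrow the range to 1 day  ->",
          smallest_fitting_interval(timedelta(days=1), cards))
```

Real bucket counts are also bounded by the number of matching documents, so the estimate is an upper bound rather than a prediction.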