A Practical Guide to Anomaly Detection for DevOps

•

18 j'aime•8,459 vues

Recent years have seen an explosion in the volumes of data that modern production environments generate. Making fast educated decisions about production incidents is more challenging than ever. BigPanda's team is passionate about solutions such as anomaly detection that tackle this very challenge.

Logiciels

Guide to
Anomaly
Detection
A Practical
for DevOps

2 categories
Anomaly Detection
log analysis metric analysis

log analysis
identify suspicious event
patterns in log files

metric analysis
identify misbehaving
time-series metrics

Why is anomaly detection worth our time?
1
It reveals dangerous patterns
that previously were undetected
The static nature of rule-based and threshold-based alerts
encourages
a) false positives during peak times
b) false negatives during quieter times 2

Why is anomaly detection worth our time?
It reveals dangerous patterns
that previously were undetected
12
The static nature of rule-based and threshold-based alerts
encourages
a) false positives during peak times
b) false negatives during quieter times

Anomaly Detective by Prelert
• Product: Anomaly Detective for Splunk
• Pricing: $0-$225 / month (quote-based pricing > 10GB)
• Setup: On premise (OS X, Windows, Linux & SunOS)
• Installation: Easy (with Splunk Enterprise)
• Main Datatype: Log lines

Anomaly Detective by Prelert
Highlights:
• Capable of consuming any stream of machine-data
• Can identify rare or unusual messages.
• A robust REST API, which can process almost any data feed
• Offers an out-of-the-box app for Splunk Enterprise
• Extends the Splunk search language with verbs tailored for anomaly
detection

Sumo Logic
• Pricing: Quote-based
• Setup: SaaS (+ on-premise data collectors)
• Ease of Installation: Average (deploy Sumo Logic's full solution)
• Main Datatype: Log lines

Sumo Logic
Highlights:
• LogReduce: a useful log crunching capability which consolidates
thousands of log lines into just a few items by detecting recurring patterns.
• Sumo Logic scans your historical data to evaluate a baseline of normal
data rates. Then it focuses on the last few minutes and looks for rates
above or below the baseline.
• Anomaly detection will work even if the log lines are not exactly identical.

Grok
• Pricing: $219/month for 200 instances & custom metrics
• Setup: Dedicated AWS instance
• Ease of Installation: Easy
• Main Datatype: System Metrics

Grok
Highlights:
• Designed to monitor AWS (works with EC2, EBS, ELB, RDS).
• Grok API for custom metrics (it’s fairly easy to process data from statsd).
• Warns you in real time.
• Customizable alerts for email or mobile notifications.
• Grok uses their Android mobile app as their main UI.
• Installation requires a dedicated Grok instance in your cloud environment.

Skyline
• Pricing: Open source
• Setup: On-premise
• Ease of Installation: Average (need python, redis and graphite)
• Main Datatype: System Metrics

Skyline
Highlights:
• Etsy’s minimalist web UI lists anomalies & visualizes underlying graphs.
• Horizon accepts time-series data via TCP & UDP inputs.
• Stream Graphite metrics into Horizon. Horizon uploads data to a redis
instance where it is processed by Analyzer - a python daemon helping to find
time-series which are behaving abnormally.
• Oculus, the other half of the Kale stack, is a search engine for graphs. Input
one graph then locate other graphs that behave like it. Detect an anomaly
using Skyline, then use Oculus to search for graphs that are suspiciously
correlated to the offending graph.

But detecting anomalies
!
is only half the battle...

BigPanda + Anomaly Detection
BigPanda uses an algorithmic,
data science approach to
simplify & automate incident
management
!
!
incident
!
management
!
Anomaly Detection

Come take a look at what
BigPanda is building!
http://bigpanda.io
Follow us
online!

Contenu connexe

Tendances

CNIT 152: 4 Starting the Investigation & 5 Leads

Sam Bowne

.conf Go 2022 - Observability Session

Splunk

Intrusion Detection Systems and Intrusion Prevention Systems

Cleverence Kombe

"Customers are migrating their analytics, data processing (ETL), and data science workloads running on Apache Hadoop/Spark to AWS in order to save costs, increase availability, and improve performance. In this session, AWS customers Airbnb and Guardian Life discuss how they migrated their workload to Amazon EMR. This session focuses on key motivations to move to the cloud. It details key architectural changes and the benefits of migrating Hadoop/Spark workloads to the cloud. "

Migrate Your Hadoop/Spark Workload to Amazon EMR and Architect It for Securit...

Amazon Web Services

Cassandra and OpsCenter has a range of backup and restore topics. I will start with a basic overview of Cassandra backup/restore, walking through the operational steps to provide the understanding required to perform an on disk backup and restore. Expanding on this overview, I'll cover the limitations (including schema requirements) and their impact on the restore process. Further, I'll discuss commit log archiving and point in time restore operations. After covering the underlying operations, I'll wrap up with a discussion of how OpsCenter automates this process and leverages S3.

DataStax: Backup and Restore in Cassandra and OpsCenter

DataStax Academy

Do You Really Need to Evolve From Monitoring to Observability?

Splunk

Your adversaries continue to attack and get into companies. You can no longer rely on alerts from point solutions alone to secure your network. To identify and mitigate these advanced threats, analysts must become proactive in identifying not just indicators, but attack patterns and behavior. In this workshop we will walk through a hands-on exercise with a real world attack scenario. The workshop will illustrate how advanced correlations from multiple data sources and machine learning can enhance security analysts capability to detect and quickly mitigate advanced attacks.

Threat Hunting with Splunk

Splunk

Observability & Datadog

JamesAnderson599331

Observability has emerged as one of the hottest topics on the DevOps landscape. Organizations seek to improve visibility into their cloud infrastructure and applications and identify production issues that may negatively impact #customerexperience. ➡️ But what are some of the best practices for scaling observability for modernapplications? ➡️ What challenges are #cloudplatforms facing? Explore how to overcome the challenges and unlock speed, observability, and automation across your DevOps lifecycle.

Observability at Scale

Knoldus Inc.

Honeypots (Ravindra Singh Rathore)

Ravindra Singh Rathore

Splunk for IT Operations

Splunk

When interacting with analytics dashboards, in order to achieve a smooth user experience, two major key requirements are quick response time and data freshness. To meet the requirements of creating fast interactive BI dashboards over streaming data, organizations often struggle with selecting a proper serving layer. Cluster computing frameworks such as Hadoop or Spark work well for storing large volumes of data, although they are not optimized for making it available for queries in real time. Long query latencies also make these systems suboptimal choices for powering interactive dashboards and BI use cases. This talk presents an open source real-time data analytics stack using Apache Kafka, Druid, and Superset. The stack combines the low-latency streaming and processing capabilities of Kafka with Druid, which enables immediate exploration and provides low-latency queries over the ingested data streams. Superset provides the visualization and dashboarding that integrates nicely with Druid. In this talk we will discuss why this architecture is well suited to interactive applications over streaming data, present an end-to-end demo of complete stack, discuss its key features, and discuss performance characteristics from real-world use cases. NISHANT BANGARWA, Software engineer, Hortonworks

Interactive real-time dashboards on data streams using Kafka, Druid, and Supe...

DataWorks Summit

ExtraHop Product Overview Datasheet

ExtraHop Networks

Everyone wants observability into their system, but find themselves with too many vendors and tools, each with its own API, SDK, agent and collectors. In this talk I will present OpenTelemetry, an ambitious open source project with the promise of a unified framework for collecting observability data. With OpenTelemetry you could instrument your application in a vendor-agnostic way, and then analyze the telemetry data in your backend tool of choice, whether Prometheus, Jaeger, Zipkin, or others. I will cover the current state of the various projects of OpenTelemetry (across programming languages, exporters, receivers, protocols), some of which not even GA yet, and provide useful guidance on how to get started with it.

THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io

DevOpsDays Tel Aviv

Introducing Confluent Cloud: Apache Kafka as a Service

confluent

For some, observability is just a hollow rebranding of monitoring, for others it’s monitoring on steroids. But what if we told you observability is the new way to find out why—not just if—your distributed system or application isn’t working as expected? Today, we see that traditional monitoring approaches can fall short if a system or application doesn’t adequately externalize its state. This is truer as workloads move into the cloud and leverage ephemeral technologies, such as microservices and containers. To reach observability, IT and DevOps teams need to correlate different sources from logs, metrics, traces, events and more. This becomes even more challenging when defining the online revenue impact of a failed container—after all, this is what really matters to the business. This webinar will cover: The differences between observability and monitoring Why it is a bigger challenge in a multicloud and containerized world How observability results in less firefighting and more fire prevention How new platforms can help gain observability (on premises and in the cloud) for containers, microservices and even SAP or mainframes

More Than Monitoring: How Observability Takes You From Firefighting to Fire P...

DevOps.com

Windows Threat Hunting

GIBIN JOHN

This session will unveil the power of the Splunk Search Processing Language (SPL). See how to use Splunk's simple search language for searching and filtering through data, charting statistics and predicting values, converging data sources and grouping transactions, and finally data science and exploration. We'll begin with basic search commands and build up to more powerful advanced tactics to help you harness your Splunk Fu!

Power of Splunk Search Processing Language (SPL)

Splunk

Threat Hunting

Splunk

Running Apache NiFi with Apache Spark : Integration Options

Timothy Spann

Tendances (20)

CNIT 152: 4 Starting the Investigation & 5 Leads

.conf Go 2022 - Observability Session

Intrusion Detection Systems and Intrusion Prevention Systems

Migrate Your Hadoop/Spark Workload to Amazon EMR and Architect It for Securit...

DataStax: Backup and Restore in Cassandra and OpsCenter

Do You Really Need to Evolve From Monitoring to Observability?

Threat Hunting with Splunk

Observability & Datadog

Observability at Scale

Honeypots (Ravindra Singh Rathore)

Splunk for IT Operations

Interactive real-time dashboards on data streams using Kafka, Druid, and Supe...

ExtraHop Product Overview Datasheet

THE STATE OF OPENTELEMETRY, DOTAN HOROVITS, Logz.io

Introducing Confluent Cloud: Apache Kafka as a Service

More Than Monitoring: How Observability Takes You From Firefighting to Fire P...

Windows Threat Hunting

Power of Splunk Search Processing Language (SPL)

Threat Hunting

Running Apache NiFi with Apache Spark : Integration Options

Similaire à A Practical Guide to Anomaly Detection for DevOps

Deep dive time series anomaly detection with different Azure Data Services

Marco Parenzan

Skynet project: Monitor, analyze, scale, and maintain a system in the Cloud

Sylvain Kalache

DEF CON 27 - CHRISTOPHER ROBERTS - firmware slap

Felipe Prado

Deep Dive Time Series Anomaly Detection in Azure with dotnet

Marco Parenzan

DataEngConf SF16 - Scalable and Reliable Logging at Pinterest

Hakka Labs

At Pinterest, hundreds of services and third-party tools that are implemented in various programming languages generate billions of events every day. To achieve scalable and reliable low latency logging, there are several challenges: (1) uploading logs that are generated in various formats from tens of thousands of hosts to Kafka in a timely manner; (2) running Kafka reliably on Amazon Web Services where the virtual instances are less reliable than on-premises hardware; (3) moving tens of terabytes data per day from Kafka to cloud storage reliably and efficiently, and guaranteeing exact one time persistence per message. In this talk, we will present Pinterest’s logging pipeline, and share our experience addressing these challenges. We will dive deep into the three components we developed: data uploading from service hosts to Kafka, data transportation from Kafka to S3, and data sanitization. We will also share our experience in operating Kafka at scale in the cloud.

Scalable and Reliable Logging at Pinterest

Krishna Gade

Time Series Anomaly Detection with Azure and .NETT

Marco Parenzan

A Big Data Lake Based on Spark for BBVA Bank-(Oscar Mendez, STRATIO)

Spark Summit

20140708 - Jeremy Edberg: How Netflix Delivers Software

DevOps Chicago

NGINX just works and that's why we use it. That does not mean that it should be left unmonitored. As a web server, it plays a central role in a modern infrastructure. As a gatekeeper, it sees every interaction with the application. If you monitor it properly it can explain a lot about what is happening in the rest of your infrastructure. In this talk you will learn more about NGINX (plus) metrics, what they mean and how to use them. You will also learn different methods (status, statsd, logs) to monitor NGINX with their pros and cons, illustrated with real data coming from real servers.

Monitoring NGINX (plus): key metrics and how-to

Datadog

Cassandra in xPatterns

DataStax Academy

Monitoring is complicated, and in most organizations consists of far too many tools owned by too many teams. Fixing monitoring issues requires people, process, and technology. Hear common issues seen in the real world including what should be monitored or collected from a technology and a business perspective. Investigate what instrumentation is most scalable and effective across languages, commonly used APIs, and possibilities for capturing data from common languages like Java, .NET, and PHP. Cover browser and mobile instrumentation techniques. Get tips on which APIs to use, what open source tools and frameworks can be leveraged, and how to coordinate and communicate requirements across your organization. Key takeaways: o What is instrumentation, and what to instrument, collect, and store o How this can be accomplished on common software stacks o How to work with application owners to collect business data o How correlation works in custom open source or packaged monitoring tools For more information, go to: www.appdynamics.com

Monitoring and Instrumentation Strategies: Tips and Best Practices - AppSphere16

AppDynamics

Spark Technology Center IBM

DataWorks Summit/Hadoop Summit

Building a data pipeline to ingest data into Hadoop in minutes using Streamse...

Guglielmo Iozzia

Break -> inspect -> fix is the Ops workflow for infrastructure stacks of the past. Distributed infrastructure and applications claim to be the new generation, but why is it so much more painful to maintain and troubleshoot them? Much of the pain comes from outdated operational models relying on reactive or, worse yet, manual monitoring and Ops. This talk lays out a proactive Ops model for container infrastructure. By focusing on event monitoring, infrastructure state monitoring, trend analysis, and distributed log collection, a proactive Ops model delivers observability for distributed apps that was not possible before. Using real-world examples from Swarm and Kubernetes, we'll demonstrate the tools used and how we relieve Ops pain in container orchestration.

Proactive ops for container orchestration environments

Docker, Inc.

In this deck from the Stanford HPC Conference, Ryan Quick from Providentia Worldwide presents: High Availability HPC ~ Microservice Architectures for Supercomputing. "Microservices power cloud-native applications to scale thousands of times larger than single deployments. We introduce the notion of microservices for traditional HPC workloads. We will describe microservices generally, highlighting some of the more popular and large-scale applications. Then we examine similarities between large-scale cloud configurations and HPC environments. Finally we propose a microservice application for solving a traditional HPC problem, illustrating improved time-to-market and workload resiliency." Watch the video: https://insidehpc.com/2018/02/high-availability-hpc-microservice-architectures-supercomputing/ Learn more: http://www.providentiaworldwide.com/ and http://hpcadvisorycouncil.com Sign up for our insideHPC Newsletter: http://insidehpc.com/newsletter

High Availability HPC ~ Microservice Architectures for Supercomputing

inside-BigData.com

Netflix accounts for more than a third of all traffic heading into American homes at peak hours. Making sure users are getting the best possible experience at all times is no simple feat and performance is at the core of this experience. In order to ensure performance and maintain development agility in a highly decentralized environment/(organization?), Netflix employs a multitude of strategies, such as production canary analysis, fully automated performance tests, simple zero-downtime deployments and rollbacks, auto-scaling clusters and a fault-tolerant stateless service architecture. We will present a set of use cases that demonstrate how and why different groups employ different strategies to achieve a common goal, great performance and stability, and detail how these strategies are incorporated into development, test and DevOps with minimal overhead.

Ensuring Performance in a Fast-Paced Environment (CMG 2014)

Martin Spier

Prometheus - Intro, CNCF, TSDB,PromQL,Grafana

Sridhar Kumar N

Lessons learned from embedding Cassandra in xPatterns

Claudiu Barbura

"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...

SegInfo

Similaire à A Practical Guide to Anomaly Detection for DevOps (20)

Deep dive time series anomaly detection with different Azure Data Services

Skynet project: Monitor, analyze, scale, and maintain a system in the Cloud

DEF CON 27 - CHRISTOPHER ROBERTS - firmware slap

Deep Dive Time Series Anomaly Detection in Azure with dotnet

DataEngConf SF16 - Scalable and Reliable Logging at Pinterest

Scalable and Reliable Logging at Pinterest

Time Series Anomaly Detection with Azure and .NETT

A Big Data Lake Based on Spark for BBVA Bank-(Oscar Mendez, STRATIO)

20140708 - Jeremy Edberg: How Netflix Delivers Software

Monitoring NGINX (plus): key metrics and how-to

Cassandra in xPatterns

Monitoring and Instrumentation Strategies: Tips and Best Practices - AppSphere16

Spark Technology Center IBM

Building a data pipeline to ingest data into Hadoop in minutes using Streamse...

Proactive ops for container orchestration environments

High Availability HPC ~ Microservice Architectures for Supercomputing

Ensuring Performance in a Fast-Paced Environment (CMG 2014)

Prometheus - Intro, CNCF, TSDB,PromQL,Grafana

Lessons learned from embedding Cassandra in xPatterns

"Automated Malware Analysis" de Gabriel Negreira Barbosa, Malware Research an...

Dernier

GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates

Neo4j

AI/ML Infra Meetup May. 23, 2024 Organized by Alluxio For more Alluxio Events: https://www.alluxio.io/events/ Speaker: - Lu Qiu (Data & AI Platform Tech Lead, @Alluxio) - Siyuan Sheng (Senior Software Engineer, @Alluxio) Speed and efficiency are two requirements for the underlying infrastructure for machine learning model development. Data access can bottleneck end-to-end machine learning pipelines as training data volume grows and when large model files are more commonly used for serving. For instance, data loading can constitute nearly 80% of the total model training time, resulting in less than 30% GPU utilization. Also, loading large model files for deployment to production can be slow because of slow network or storage read operations. These challenges are prevalent when using popular frameworks like PyTorch, Ray, or HuggingFace, paired with cloud object storage solutions like S3 or GCS, or downloading models from the HuggingFace model hub. In this presentation, Lu and Siyuan will offer comprehensive insights into improving speed and GPU utilization for model training and serving. You will learn: - The data loading challenges hindering GPU utilization - The reference architecture for running PyTorch and Ray jobs while reading data from S3, with benchmark results of training ResNet50 and BERT - Real-world examples of boosting model performance and GPU utilization through optimized data access

AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...

Alluxio, Inc.

KLARNA - Language Models and Knowledge Graphs: A Systems Approach

Neo4j

Agnieszka Andrzejewska - BIM School Course in Kraków

bim.edu.pl

A Comprehensive Appium Guide for Hybrid App Automation Testing.pdf

kalichargn70th171

AI/ML Infra Meetup | Perspective on Deep Learning Framework

Alluxio, Inc.

The Impact of PLM Software on Fashion Production

Wave PLM

Workforce Efficiency with Employee Time Tracking Software.pdf

DeskTrack

10 Essential Software Testing Tools You Need to Know About.pdf

kalichargn70th171

How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?

XfilesPro

In his book, The Nature of the Physical World, Sir Arthur Eddington commented that “We have to appeal to the one outstanding law — the second law of thermodynamics — to put some sense into the world.” This sense-making goes beyond the physical world, too. Entropy is also essential in the fields of information and communication theory. During this lecture for the Princeton Plasma Physics Laboratory, lecturer Andrea Goulet discussed the application of entropy-related concepts in two communication systems: software and collaborative teams. She examined how concepts that help us understand systemic statistical disorder, such as ergodic systems, Lyapunov exponents, Kolmogorov-Sinai entropy, and Shannon-entropy can help us optimize for both software quality and innovation. She also provided several domain-specific models: Lehman’s Laws and Conway’s Law for software, as well as new models from her own research that relate to entropy and innovation. Entropy helps us understand the world and achieve great things. There is an underlying beauty in its principles that we can use to advance scientific discovery. When we understand the subtleties related to balancing surprise and structure, we increase our chances for effective collaboration and finding novel solutions to complex problems.

Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...

Andrea Goulet

OpenChain @ LF Japan Executive Briefing - May 2024

Shane Coughlan

Scenarios are the central artifact of the Behaviour Driven Development (BDD) process. Although many teams use scenarios and tools like Cucumber or SpecFlow to automate them, in many cases their scenarios contain a lot of details, particularly test data, and therefore they become too complicated to support collaboration with the business. The "essential" principle of scenario writing (scenario formulation) states that only those details should be included in the scenario that are relevant for the outcome. This talk provides help for those who struggle implementing this principle or would be interested to learn how you can create brief and maintainable scenarios.

Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)

Gáspár Nagy

Implementing KPIs and Right Metrics for Agile Delivery Teams.pdf

Victor Lopez

Crafting the Perfect Measurement Sheet with PLM Integration

Wave PLM

Migrating your customer service data from Gorgias to Re:amaze can greatly enhance your support operations, but it requires detailed planning and precise execution. "A Guideline to Gorgias to Re:amaze Data Migration" is crafted to help businesses manage this transition smoothly and efficiently. This comprehensive guide ensures that all aspects of the data migration process are covered, from initial planning to post-migration support.

A Guideline to Gorgias to to Re:amaze Data Migration

Help Desk Migration

Migrating your customer service data from Zendesk to Re:amaze can significantly enhance your support operations, but it requires careful planning and execution. "A Guideline to Zendesk to Re:amaze Data Migration" is designed to assist businesses in managing this transition smoothly and efficiently. This comprehensive guide covers all aspects of the data migration process, ensuring that your data is transferred accurately and effectively.

A Guideline to Zendesk to Re:amaze Data Migration

Help Desk Migration

Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...

Abortion Clinic

Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...

rajkumar669520

Studiovity film pre-production and screenwriting software

info611746

Dernier (20)

GraphSummit Stockholm - Neo4j - Knowledge Graphs and Product Updates

AI/ML Infra Meetup | Improve Speed and GPU Utilization for Model Training & S...

KLARNA - Language Models and Knowledge Graphs: A Systems Approach

Agnieszka Andrzejewska - BIM School Course in Kraków

A Comprehensive Appium Guide for Hybrid App Automation Testing.pdf

AI/ML Infra Meetup | Perspective on Deep Learning Framework

The Impact of PLM Software on Fashion Production

Workforce Efficiency with Employee Time Tracking Software.pdf

10 Essential Software Testing Tools You Need to Know About.pdf

How Does XfilesPro Ensure Security While Sharing Documents in Salesforce?

Entropy, Software Quality, and Innovation (presented at Princeton Plasma Phys...

OpenChain @ LF Japan Executive Briefing - May 2024

Tree in the Forest - Managing Details in BDD Scenarios (live2test 2024)

Implementing KPIs and Right Metrics for Agile Delivery Teams.pdf

Crafting the Perfect Measurement Sheet with PLM Integration

A Guideline to Gorgias to to Re:amaze Data Migration

A Guideline to Zendesk to Re:amaze Data Migration

Abortion ^Clinic ^%[+971588192166''] Abortion Pill Al Ain (?@?) Abortion Pill...

Facemoji Keyboard released its 2023 State of Emoji report, outlining the most...

Studiovity film pre-production and screenwriting software

A Practical Guide to Anomaly Detection for DevOps

1. Guide to Anomaly Detection A Practical for DevOps

2. 2 categories Anomaly Detection log analysis metric analysis

3. log analysis identify suspicious event patterns in log files

4. 2 categories Anomaly Detection log analysis metric analysis

5. metric analysis identify misbehaving time-series metrics

6. Why is anomaly detection worth our time? 1 It reveals dangerous patterns that previously were undetected The static nature of rule-based and threshold-based alerts encourages a) false positives during peak times b) false negatives during quieter times 2

7. Why is anomaly detection worth our time? It reveals dangerous patterns that previously were undetected 12 The static nature of rule-based and threshold-based alerts encourages a) false positives during peak times b) false negatives during quieter times

8. weapons of mass detection

9. weapons of mass detection anomaly

10. Anomaly Detective by Prelert • Product: Anomaly Detective for Splunk • Pricing: $0-$225 / month (quote-based pricing > 10GB) • Setup: On premise (OS X, Windows, Linux & SunOS) • Installation: Easy (with Splunk Enterprise) • Main Datatype: Log lines

11. Anomaly Detective by Prelert Highlights: • Capable of consuming any stream of machine-data • Can identify rare or unusual messages. • A robust REST API, which can process almost any data feed • Offers an out-of-the-box app for Splunk Enterprise • Extends the Splunk search language with verbs tailored for anomaly detection

12. Sumo Logic • Pricing: Quote-based • Setup: SaaS (+ on-premise data collectors) • Ease of Installation: Average (deploy Sumo Logic's full solution) • Main Datatype: Log lines

13. Sumo Logic Highlights: • LogReduce: a useful log crunching capability which consolidates thousands of log lines into just a few items by detecting recurring patterns. • Sumo Logic scans your historical data to evaluate a baseline of normal data rates. Then it focuses on the last few minutes and looks for rates above or below the baseline. • Anomaly detection will work even if the log lines are not exactly identical.

14. Grok • Pricing: $219/month for 200 instances & custom metrics • Setup: Dedicated AWS instance • Ease of Installation: Easy • Main Datatype: System Metrics

15. Grok Highlights: • Designed to monitor AWS (works with EC2, EBS, ELB, RDS). • Grok API for custom metrics (it’s fairly easy to process data from statsd). • Warns you in real time. • Customizable alerts for email or mobile notifications. • Grok uses their Android mobile app as their main UI. • Installation requires a dedicated Grok instance in your cloud environment.

16. Skyline • Pricing: Open source • Setup: On-premise • Ease of Installation: Average (need python, redis and graphite) • Main Datatype: System Metrics

17. Skyline Highlights: • Etsy’s minimalist web UI lists anomalies & visualizes underlying graphs. • Horizon accepts time-series data via TCP & UDP inputs. • Stream Graphite metrics into Horizon. Horizon uploads data to a redis instance where it is processed by Analyzer - a python daemon helping to find time-series which are behaving abnormally. • Oculus, the other half of the Kale stack, is a search engine for graphs. Input one graph then locate other graphs that behave like it. Detect an anomaly using Skyline, then use Oculus to search for graphs that are suspiciously correlated to the offending graph.

18. But detecting anomalies ! is only half the battle...

19. BigPanda + Anomaly Detection BigPanda uses an algorithmic, data science approach to simplify & automate incident management ! ! incident ! management ! Anomaly Detection

20. Come take a look at what BigPanda is building! http://bigpanda.io Follow us online!

A Practical Guide to Anomaly Detection for DevOps

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à A Practical Guide to Anomaly Detection for DevOps

Similaire à A Practical Guide to Anomaly Detection for DevOps (20)

Dernier

Dernier (20)

A Practical Guide to Anomaly Detection for DevOps