17. 10. 2019 Tobias Goller ITOA, Log-SIEM, Machine Learning, NetEye

Experiences with Netflow and Machine Learning in Elastic

Some time ago I was able to use the machine learning functionality in Elastic for the first time. I was astonished at how easy it is to use, and how fast it calculates historical data.

In my particular case, I loaded Netflow data into the Elastic database. I wanted to use this data to evaluate the utilization of the various WAN lines, to promptly recognize any problems, and to calculate forecasts.

In order to achieve these goals, in addition to machine learning, I used the Netflow module from Logstash, which provides you with the standard Netflow dashboards.

By using the Netflow Logstash Module, the Netflow information is stored in Elastic with the required fields. With these fields I created a “single metric” job over the “bytes” field within Elastic’s machine learning module. That way you can easily specify the span for the detailed calculation of the data, for example 5 minutes.

Finally, you need to define a name for the job, and the period over which the calculation should run. After a short time, you will already be able to evaluate the result in the “Anomaly Explorer”. As soon as you click on a span unit, you will get the details for the period and you can open the corresponding “Single Metric Viewer”, which displays in graphical form the data line (the actual values) and the base line (upper and lower bounds predicted by the machine learning algorithm) as calculated by Elastic.

In the “Single Metric Viewer”, you can immediately see the “Forecast” button, which makes it easy to calculate forecasts.

I especially appreciate the possibility of using the machine learning functionality in Elastic to create an analysis with forecasts over all stored historical data.

To conclude, I just can’t emphasize enough how simple and intuitive it is to use machine learning in Elastic – one of those rare times when a surprise is truly a positive thing.

Tobias Goller

Tobias Goller

NetEye Solution Architect at Würth Phoenix
I started my professional career as a system administrator. Over the years, my area of responsibility changed from administrative work to the architectural planning of systems. During my activities at Würth Phoenix, the focus of my area of responsibility changed to the installation and consulting of the IT system management solution WÜRTHPHOENIX NetEye. In the meantime, I take care of the implementation and planning of customer projects in the area of our unified monitoring solution.

Author

Tobias Goller

I started my professional career as a system administrator. Over the years, my area of responsibility changed from administrative work to the architectural planning of systems. During my activities at Würth Phoenix, the focus of my area of responsibility changed to the installation and consulting of the IT system management solution WÜRTHPHOENIX NetEye. In the meantime, I take care of the implementation and planning of customer projects in the area of our unified monitoring solution.

Latest posts by Tobias Goller

05. 03. 2024 Unified Monitoring
nBox Mini
13. 02. 2024 NetEye, Unified Monitoring
SNMP Trap Archiving in Elastic via Tornado
18. 10. 2023 Unified Monitoring
ntopng – Display Multiple Metrics in One Graph
25. 09. 2023 NetEye, Unified Monitoring, Visual Synthetic Monitoring
Alyvix Modules in NetEye
10. 07. 2023 Unified Monitoring
ntop News in the Next Release
See All

Related Content

Tags: , , ,

28. 12. 2023 Log-SIEM, Machine Learning

Semantic Search in Elasticsearch – Testing Our NetEye Guide: Adding the LLM ingredient

You weren't expecting a part three of this series, right? Well honestly, me neither. But after working together with you on the POC where we firstly crawled the NetEye Guide and applied ELSER to the resulting documents, and then we Read More
24. 12. 2023 Development, DevOps, Log-SIEM, NetEye

Making ELK Updates Smoother with Configurators and Ansible

Recently (in September 2023) NetEye integrated version 8.8 of the Elastic Stack, which is just one of many Elastic updates brought into NetEye 4. Since this Elastic update there was a major upgrade (from version 7.17) coming with many breaking Read More
09. 10. 2023 Log-SIEM, Machine Learning, NetEye

Semantic Search in Elasticsearch – Testing Our NetEye Guide: Can We Improve the Search Experience? (Part 2) 

In my previous blog post, we saw how it's possible to index some documents that we created by crawling our NetEye User Guide, then applying the ELSER model in Elasticsearch to create a bag of words for searching that takes Read More
03. 10. 2023 Log-SIEM, Machine Learning, NetEye

Semantic Search in Elasticsearch – Testing Our NetEye Guide: Can We Improve the Search Experience? (Part 1)

Once upon a time (in fact it was just a month ago, but it sounds more dramatic this way) I had the opportunity to attend a webinar about Vector Search, Generative AI, and modern NLP by the Elastic Team. One Read More
29. 08. 2023 Log Management, Log-SIEM, NetEye

Configuring the New Fleet Server on Elastic 8

The Fleet Management feature was automatically enabled with NetEye release 4.30, and with the current 4.31 version all the Elastic Stack packages will be upgraded to major version 8. These two milestones will permit us to centrally manage log ingestion Read More

Leave a Reply

Your email address will not be published. Required fields are marked *

Search by technology

Contact

Contact us
Serviceportal

Archive