1. Home
  2. Docs
  3. Logstail Docs
  4. Anomaly Detection & Insights

Anomaly Detection & Insights

Anomaly Detection enables the use of Machine Learning algorithms to automatically detect anomalies in the log files you send to our platform. If you combine this functionality with our Alerting feature, then you can monitor your data in real-time and also get alert notifications!

The Insights feature has the ability to detect anomalies in the Elasticsearch data in near real-time using an advanced algorithm (Random Cut Forest – RCF). This algorithm has the ability to model a sketch of the incoming data and compute the appropriate parameters (anomaly grade and confidence score value) for the incoming data, based on a scheduled job running under a job-scheduler. In the next step, these values are used to differentiate the normal from the non-normal behavior.

An anomaly is in general something irregular that deviates from the common rule. For example, when it comes to data analysis, an anomaly is a data unit which notably differs from the majority. With the abrupt rise of Technology, businesses have adopted AI-powered Anomaly Detection as a solution to quickly become aware of occurring anomalies and control them.

Machine Learning Anomaly Detection is the use of algorithms in order to automatically detect anomalies in an IT system. When it comes to log management and security analytics platforms, Anomaly Detection plays a crucial part. It helps in the achievement of a higher level of security by conducting continuous monitoring in order to detect suspicious events and point out where an error is occurring.

Some of these events may be intrusion or attack attempts, where attackers try to invade and damage an IT system. Another example is network failures, whose consequences can affect any business’s performance. With the use of Anomaly Detection, organizations can not only deal with the problem effectively, but also identify the cause of such events and be prepared for similar incidents in the future.

In addition, Anomaly Detection can handle large amounts of data and provide adaptive and on-time alerting mechanisms. So, no matter how big the databases are and how many logs need to be managed, users apply reliable and uninterrupted monitoring to make sure data remain secure while operating in an ever-changing environment.

The Logstail.com Anomaly Detection tool is at the Insights tab. Initially, users need to create a detector following these simple steps:

  1. Click on Detectors and then Create Detector

2. Choose a name and description for the Detector


3. Choose the preferred settings regarding the Data Source.

Furthermore, add a Data Filter. Users have the ability to add and apply as many filters as they want.

The next step is to define the way that the Detector should operate.

Define the model features in order to set the index fields which the Detector will search and find anomalies in. The maximum number of features that users can apply is five.

Now it’s all set! Users can create multiple Detectors if they want.

When this configuration is complete, the created Detectors will start monitoring inputs of information and provide insights by identifying and isolating anomalies. This information is visible and available at the Dashboard section of the Insights tab.

As mentioned before, the ability to detect anomalies in almost real-time is achieved with the use of an advanced algorithm called Random Cut Forest (RCF). Taking Anomaly Grade and Confidence Score Value into consideration, this algorithm can single out an abnormal from a normal behavior.

After an anomaly has been detected, the Alerting feature of Logstail.com comes into the appliance, providing alert notifications about the problem to solve it before it becomes a real issue.

Was this article helpful to you? Yes No

How can we help?