Set Up Anomaly Detection Using the Logstail Insights Plugin
- Navigate to the Insights Plugin from the top menu.
- Click on Create detector.
- Name your detector.
- Optionally add a description to the detector.
- Select the index you want to run the detector on. (We recommend using the wildcard “*” to include the logs for all dates.)
- Optionally, add a Data filter.
- Select @timestamp for the Timestamp field.
- Click next on the bottom-right of the page.
- Enter a name for your feature.
- Check the Enable feature option.
- For our example, we use the Field value option.
- For our example, we use max as the Aggregation method.
- For the field, select “cpuusage” to find anomalies based on high CPU usage.
- You can add more features to match your needs and your use case.
- Click next on the bottom-right of the page.
- Check the Start real-time detector automatically checkbox.
- Check the Run historical analysis detection checkbox if you want to run historical analysis on your MikroTik logs, and select the desired time range for the analysis.
- Click next on the bottom-right of the page.
- Click Create detector on the bottom-right of the page.
The detector setup is now complete. Navigate to the Real-time results tab to view the anomalies detected in real time, to the Historical analysis tab to view the analysis of your data, and to the Detector configuration tab to view or edit the detector configuration.