Copyright © 2015 Splunk Inc. Operationalizing Machine Learning

Machine Learning + Analytics in Splunk


Page 1: Machine Learning + Analytics in Splunk

Operationalizing Machine Learning

Page 2: Machine Learning + Analytics in Splunk

Disclaimer

During the course of this presentation, we may make forward looking statements regarding future events or the expected performance of the company. We caution you that such statements reflect our current expectations and estimates based on factors currently known to us and that actual events or results could differ materially. For important factors that may cause actual results to differ from those contained in our forward-looking statements, please review our filings with the SEC. The forward-looking statements made in this presentation are being made as of the time and date of its live presentation. If reviewed after its live presentation, this presentation may not contain current or accurate information. We do not assume any obligation to update any forward looking statements we may make.

In addition, any information about our roadmap outlines our general product direction and is subject to change at any time without notice. It is for informational purposes only and shall not be incorporated into any contract or other commitment. Splunk undertakes no obligation either to develop the features or functionality described or to include any such feature or functionality in a future release.

Page 3: Machine Learning + Analytics in Splunk

Why Machine Learning?

Page 4: Machine Learning + Analytics in Splunk

Humans are good at learning, but we get lost in volume and details…

Page 5: Machine Learning + Analytics in Splunk

Why do we need Machine Learning?

- Improve Decision Making
- Forecast or Predict KPIs
- Alert on Deviation
- Uncover hidden trends or relationships

All of this requires Diverse Data from across Many Silos. Lots of Unstructured, Real Time Data.

Page 6: Machine Learning + Analytics in Splunk

Run the Business in Real-time

Data From the Past, Real-time Data, Statistical Forecast

T – a few days, T + a few days

Security Operations Center

IT Operations Center

Business Operations Center

Predictive (Models)

Descriptive (BI Tools, Data Lakes)

Grey space

Page 7: Machine Learning + Analytics in Splunk

What is Machine Learning?

Page 8: Machine Learning + Analytics in Splunk

ML 101: What is Machine Learning?

What: “Field of study that gives computers the ability to learn without being explicitly programmed” – A. Samuel, 1959

How: Generalizing (learning) from examples (data)

Simple ML workflow:
– EXPLORE data
– FIT models based on data
– APPLY models in production
– VALIDATE models
– REPEAT

Page 9: Machine Learning + Analytics in Splunk

How Machines Learn

[Prediction]
• When we see thick clouds and an overcast sky, we predict that it’s likely going to rain

[Estimation/Regression]
• Estimate how much an apartment costs based on its location, condition and prices of properties in that neighborhood

[Classification/Clustering]
• Determine the gender of a person based on her/his features, hair style and the way s/he dresses

[Anomaly Detection]
• Identify the odd one out

[Reinforcement Learning]
• If I made a mistake this time, can I do better next time?

All of us have had some experience in learning. But… what’s behind our experience? How do we translate that knowledge to code?

Page 10: Machine Learning + Analytics in Splunk

Major Types of Machine Learning

1. Supervised Learning: generalizing from labeled data

Page 11: Machine Learning + Analytics in Splunk

Major Types of Machine Learning

2. Unsupervised Learning: generalizing from unlabeled data?

Page 12: Machine Learning + Analytics in Splunk

Major Types of Machine Learning

3. Reinforcement Learning:
• System is rewarded (or punished) based on the outcomes it generates
• Action leads to a change in the state of the world and generates an error score

Page 13: Machine Learning + Analytics in Splunk

Splunk’s Machine Learning Tour

Page 14: Machine Learning + Analytics in Splunk

Overview of ML at Splunk

Core Platform Search

Packaged Premium Solutions

Custom ML

Platform for Operational Intelligence

Page 15: Machine Learning + Analytics in Splunk

Search Includes Machine Learning

Core Platform Search is a powerful and highly flexible interface built with ML

anomalydetection

Page 16: Machine Learning + Analytics in Splunk

Splunk IT Service Intelligence

Get Data

Define services, entities and KPIs

Monitor and troubleshoot

Analyze and detect

Data-Defined, Data-Driven Service Insights

Packaged ML: Adaptive Thresholds and Anomaly Detection

One of several Premium Solutions

Page 17: Machine Learning + Analytics in Splunk

Splunk Machine Learning Toolkit

Assistants: Guide model building, testing, & deploying for common objectives

Showcases: Interactive examples for typical IT, security, business, IoT use cases

Algorithms: 25+ standard algorithms available prepackaged with the toolkit

SPL ML Commands: New commands to fit, test and operationalize models

Python for Scientific Computing Library: 300+ open source algorithms available for use

Build custom analytics for any use case

Extends Splunk platform functions and provides a guided modeling environment

Page 18: Machine Learning + Analytics in Splunk

Algorithms supported (v2.0, .conf2016)

Page 19: Machine Learning + Analytics in Splunk

Custom Machine Learning – Success Formula

ITSI, UBA

Domain Expertise (IT, Security, …)

Data Science Expertise

Splunk Expertise

Identify use cases

Drive decisions

Set business/ops priorities

SPL

Data prep

Statistics/math background

Algorithm selection

Model building

Splunk ML Toolkit facilitates and simplifies via examples & guidance

Operational success

Page 20: Machine Learning + Analytics in Splunk

Summary: The ML Process

Problem: <Stuff in the world> causes big time & money expense.

Value Hypothesis

Solution: Build ML model to forecast <possible incidents>, act pre-emptively & learn

Operationalize

1. Get all the relevant data to the problem; Explore the data

2. Select and Fit an algorithm on the data, generating a model

3. Apply & Validate models until predictions solve the problem

4. Surface the model to XOps, who consume the model to solve the problem

Page 21: Machine Learning + Analytics in Splunk

Machine Learning Process with Splunk

Collect Data

Explore/Visualize

Model

Evaluate

Clean/Transform

Publish/Deploy

props.conf, transforms.conf, Datamodels

Add-ons from Splunkbase, etc.

Pivot, Table UI, SPL

ML Toolkit

Alerts, Dashboards, Reports

Page 22: Machine Learning + Analytics in Splunk

Splunk Architecture & ML

Page 23: Machine Learning + Analytics in Splunk

Continuous Data Ingest at Scale

Develop, Visualize, Predict, Alert, Search

Engineers, Data Analysts

Security Analysts

Business Users

Native Inputs: TCP, UDP, Logs, Scripts, Wire, Mobile

Industrial Data

SCADA, AMI, Meter Reads

Modular Inputs: MQTT, AMQP, COAP, REST, JMS

HTTP Event Collector: Token Authenticated Events

Real Time

Technology Partnerships: Kepware, AWS IoT, Cisco, Palo Alto

Maintenance Info

Asset Info

Data Stores

External Lookups/Enrichment

OT

Industrial Assets

IT

Consumer and Mobile Devices

Page 24: Machine Learning + Analytics in Splunk

Sense and Respond

Real Time, Search, Alert

Third-Party Applications

Smartphones and Devices

Tickets

Email

Send an email

File a ticket

Send a text

Flash lights

Trigger process flow

OT

Industrial Assets

IT

Consumer and Mobile Devices

Every Search Can Use Machine Learning

Page 25: Machine Learning + Analytics in Splunk

Splunk: Data Fabric

OT

Industrial Assets

IT

Consumer and Mobile Devices

Real Time

IT users, Analysts, Business Users

Ad Hoc Search

Custom Dashboards

Monitor and Alert

Reports/Analyze

Clickstreams, Hadoop, Devices, Networks

GPS/Cellular

Online Shopping Carts

Servers, Applications

Analysts, Business Users

Data Warehouses

Structured Data Sources

CRM, ERP, HR, Billing, Product, Finance

DB Connect, Look-ups

ODBC, SDK, API

Page 26: Machine Learning + Analytics in Splunk

Different lenses into the same data

SCADA Ops Center, Biz Ops Center

IT Ops Center

Compliance

Security Ops Center

Data Reuse = Greater Data Leverage

Fraud Ops Center, etc…

Page 27: Machine Learning + Analytics in Splunk

ML Use Cases And Customer Stories

Page 28: Machine Learning + Analytics in Splunk

ML Is All Around You!

Recall: EXPLORE > FIT > APPLY > VALIDATE > REPEAT

• Face detection: find faces in images

• Spam filtering: identify SPAM messages

• Shopping Recommendations: predict what customers would like to buy

• Fraud detection: identify credit card transactions which may be fraudulent in nature

• Weather forecast: predict whether or not it will rain tomorrow; estimate daily max/min

Page 29: Machine Learning + Analytics in Splunk

Machine Learning Customer Success

Network Incident Detection

Service Degradation Detection

Security/Fraud Prevention

Prioritize Website Issues and Predict Root Cause

Predict Gaming Outages

Fraud Prevention

Machine Learning Consulting Services

Analytics App built on ML Toolkit

Optimizing operations and business results

Cell Tower Incident Detection

Optimize Repair Operations

Entertainment Company

Page 30: Machine Learning + Analytics in Splunk

ML Toolkit Customer Use Cases

Speeding website problem resolution by automatically ranking actions for support engineers

Reducing customer service disruption with early identification of difficult-to-detect network incidents

Minimizing cell tower degradation and downtime with improved issue detection sensitivity

Improving cell tower uptime and reducing repair truck rolls with anomaly detection and root cause analysis

Predicting and averting potential gaming outage conditions with finer-grained detection

Ensuring mobile device security by detecting anomalies in ID authentication

Preventing fraud by identifying malicious accounts and suspicious activities

Entertainment Company

Page 31: Machine Learning + Analytics in Splunk

Detect Network Outliers

Reduced downtime + increased service availability = better customer satisfaction

ML Use Case

Monitor noise rise for 20,000+ cell towers to increase service and device availability, reduce MTTR

Technical overview

• A customized solution deployed in production based on outlier detection.
• Leverage previous month data and voting algorithms

“The ability to model complex systems and alert on deviations is where IT and security operations are headed… Splunk Machine Learning has given us a head start...”

Page 32: Machine Learning + Analytics in Splunk

Reliable website updates

Proactive website monitoring leads to reduced downtime

“Splunk ML helps us rapidly improve end-user experience by ranking issue severity which helps us determine root causes faster thus reducing MTTR and improving SLA”

ML Use Case

• Very frequent code and config updates (1000+ daily) can cause site issues
• Find errors in server pools, then prioritize actions and predict root cause

Technical overview

• Custom outlier detection built using ML Toolkit Outlier assistant
• Built by Splunk Architect with no Data Science background

Page 33: Machine Learning + Analytics in Splunk

Show me the ML!

Page 34: Machine Learning + Analytics in Splunk

Next Steps with Splunk ML

• Reach out to your Tech Team! We can help architect ML workflows.
• Lots of ML commands in Core Splunk (predict, anomalydetection, stats)
• ML Toolkit & Showcase – available and free, ready to use
• Splunk ITSI: Applied ML for ITOA use cases
  – Manage 1000s of KPIs & alerts
  – Adaptive Thresholding & Anomaly Detection
• Splunk UBA: Applied ML for Security
  – Unsupervised learning of Users & Entities
  – Surfaces Anomalies & Threats
• ML Customer Advisory Program:
  – Connect with Product & Engineering teams - [email protected]

Page 35: Machine Learning + Analytics in Splunk

What Else?

• Get the Machine Learning Toolkit from Splunkbase
• Go watch Machine Learning Videos on Splunk YouTube Channel: http://tiny.cc/splunkmlvideos
• Go watch the Machine Learning talks from Conf 2016:
  – Advanced Machine Learning in SPL with the Machine Learning Toolkit by Jacob Leverich
  – Extending SPL with Custom Search Commands and the Splunk SDK for Python by Jacob Leverich
• Early Adopter And Customer Advisory Program: [email protected]
• Field ML Architects: Andrew Stein (astein@), Brian Nash (bnash@)

Page 36: Machine Learning + Analytics in Splunk

Mark Your Calendars!

• .conf2017 is going to DC!
• Sept 26-28, 2017
• Walter E Washington Convention Center

Page 37: Machine Learning + Analytics in Splunk

Thank you!