DoiT International, profile picture
Uploaded byDoiT International
PPTX, PDF1,868 views

Applying ML for Log Analysis

The document discusses the application of artificial intelligence in log analysis and IT operations management, focusing on Loom Systems' AI-driven approach to enhance real-time monitoring and root-cause analysis. It highlights the significance of automating data structuring, correlation, and contextual understanding to improve incident response and operational efficiency. The presentation emphasizes the potential of AI to alleviate current bottlenecks in IT operations and the need for skilled professionals in the field.

Embed presentation

Downloaded 71 times
Applying AI for Log Analysis July 2017
Confidential and Proprietary July 2017 Hi! Ronny Lehmann CTO & Founder – Loom Systems Formerly 8200, BioCatch Machine-Learning | High-performance Cloud-Computing @ronnyle_mann
Confidential and Proprietary July 2017 Founded in April 2015 30 people (5 in San Francisco) Bootstrap for 2 first years, recently funded Hiring very much
Confidential and Proprietary July 2017 Today’s Big-Data Bottleneck: You are. 2000’s Big-Data Bottlenecks: ✓ Storing ✓ Querying ✓ Real-time processing
Confidential and Proprietary July 2017 Good dev(ops) are hard-to-find Employee tenure very low (<3yrs. Source: PayScale) Operations is Tribal Knowledge Machines are very loyal, never ask for a raise and have excellent memory. Can (some) of this be done with machines?
Confidential and Proprietary July 2017 ➜“I’ve been hearing this for 20 years” Total Recall, a movie based on a book from 1966, featuring a self-driving car as science fiction. If Artificial-Intelligence has matured enough to drive your car, it can probably also help with your IT. Skeptic?!
Confidential and Proprietary July 2017 • Real-time trend detection • Pattern Recognition • Large Dimensionality • Complex State • Strict Methodology HUMANS Good at top-down tasks BOTS Superior at bottom-up tasks • Deep reasoning • Contextual thinking • Tired • Bored • Lazy • Frustrated • Married
Confidential and Proprietary July 2017 That’s what we do @ Loom Systems AIOps - Algorithmic IT operations Use Big Data and Machine Learning Technologies to Achieve a Data-Centric Approach to Availability and Performance Monitoring. Extend the Data-Centric Approach to Other ITOM (IT Operations Monitoring) Disciplines, and Seek to Exploit the Linkages It Allows Between ITOM, SIEM and Business Analytics
Confidential and Proprietary July 2017 Action •Remedy •Recommendation •Insight •Knowledge Root-Cause Analysis •Aggregation •Correlation •Causality Data Modelling •Visualizations •Define KPIs •Reporting •Rules & Thresholds Data Preparation •Collection •Normalization •Sanitizing •Preprocessing Cracking the science behind data-science
Confidential and Proprietary July 2017 Loom Ops – real-time AIOps Processing Semi-structured -> Structured Data MLP & Pattern Recognition Measure-All Analysis Behavior Tracking Anomaly Detection & Trend Prediction Correlation Engine Alerting Incident Enrichment Insights Engine Routing
Confidential and Proprietary July 2017 Three layers of context Generic Context Something being mentioned more than normal, or is appearing after long absence Something stopped/started happening Common Business Context Semantical words (timeout, Trojan, failure) Common Software Proprietary Business Context Names of business products, servers, applications..
Confidential and Proprietary July 2017 Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port 48278 ssh2 Processing Generic context – rate of this pattern in the logs Common Business Context – ➜ Contextual words (Warn, Failed) ➜ Common Entities (User, IP, ssh) Proprietary Business Context – ➜ Server Name Real-time Sturcturing, Clustering Token & Entity Extraction and Classification HistogrammegatronServer MetersshdApplication MeterronnyUser Meter192.168.118.1source_IP Random48278source_port Failed password for user [user] from [source_IP] port [source_port] ssh2
Confidential and Proprietary July 2017 Automatic Structuring
Confidential and Proprietary July 2017 Loom Ops – real-time AIOps Processing Semi-structured -> Structured Data MLP & Pattern Recognition Measure-All Analysis Behavior Tracking Anomaly Detection & Trend Prediction Correlation Engine Alerting Incident Enrichment Insights Engine Routing
Confidential and Proprietary July 2017 - This is not (only) anomaly-detection (!) Algorithms 3σ Baseline ARIMA Feature extraction Detection & Alerting History Scoring Self Feedback User Direct and Indirect Feedback Detection When tracking up to 1M signals -> must automatically determine what kind of detections are interesting for every signal (examples: website response time, ad- click rate)
Confidential and Proprietary July 2017 Root-Cause Analysis When something breaks, anomalies are everywhere. How do you know what to fix?
Confidential and Proprietary July 2017 Root-Cause Analysis When something breaks, everything starts complaining. How do you know what to fix?
Confidential and Proprietary July 2017 Automated Root-Cause Analysis. Aggregating the detections, correlating and determining causality between them. How?: ➜ Time-based causality ➜ Relationship-based analysis ➜ Graphs-based analysis Root-Cause Analysis
Confidential and Proprietary July 2017 Examples
Confidential and Proprietary July 2017 Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:57 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.16 port… Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user dror from 192.168.118.4 port… Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user john from 192.168.118.14 port… Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user dan from 192.168.118.121 port… Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user gab from 192.168.118.51 port… Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user anna from 192.168.118.66 port… Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user dan from 192.168.118.123 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user jim from 192.168.118.133 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user nate from 192.168.118.201 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user stan from 192.168.118.194 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user paul from 192.168.118.144 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user avi from 192.168.118.81 port… Sep 27 14:25:57 megatron sshd[7498]: WARN - Failed password for user stas from 192.168.118.54 port… ronny is mentioned more than normal in the context of ssh failures The context of ssh failures is mentioned more than normal Root-Cause Analysis – Relationship Based
Confidential and Proprietary July 2017 Root-Cause Analysis- Graph Based
Confidential and Proprietary July 2017 Root-Cause Analysis- Graph Based
Confidential and Proprietary July 2017 Correlated Incidents
Confidential and Proprietary July 2017 Processing Semi-structured -> Structured Data MLP & Pattern Recognition Measure-All Analysis Behavior Tracking Anomaly Detection & Trend Prediction Correlation Engine Alerting Incident Enrichment Insights Engine Routing Real-Time AIOps
Confidential and Proprietary July 2017 Countering Alert Flooding / Alert Fatigue ➜ Overall rate of incidents ➜ Quality of an incident An incident report: ➜ Root-Cause Analysis ➜ History of similar incidents ➜ Insights & Recommendations Incident Enrichments
Confidential and Proprietary July 2017 Incident Enrichments
Thank you! (still hiring very much)

More Related Content

PDF
Credit Card Customer Segmentation
byBerkin Ozmen
 
PDF
Open banking [Evolution, Risks & Opportunities]
byKannan Srinivasan
 
PDF
Always on-customer-engagement real-ai-at-work-with-pega
byCapgemini
 
PDF
Mobile Remote Deposit Capture: Changing how consumers bank and banks compete
byMitek
 
PPTX
What's cryptocurrency ?
byEverythingcrypto
 
PPTX
Open banking-Future of Banking
byfarhan ali
 
PDF
Blockchain and Smart Contracts (Series: Blockchain Basics)
byFinancial Poise
 
PPTX
Open Banking - The Digital Transformation Opportunity in Disguise
byWSO2
 
Credit Card Customer Segmentation
byBerkin Ozmen
 
Open banking [Evolution, Risks & Opportunities]
byKannan Srinivasan
 
Always on-customer-engagement real-ai-at-work-with-pega
byCapgemini
 
Mobile Remote Deposit Capture: Changing how consumers bank and banks compete
byMitek
 
What's cryptocurrency ?
byEverythingcrypto
 
Open banking-Future of Banking
byfarhan ali
 
Blockchain and Smart Contracts (Series: Blockchain Basics)
byFinancial Poise
 
Open Banking - The Digital Transformation Opportunity in Disguise
byWSO2
 

What's hot

PDF
CITIBANK | METAVERSE AND MONEY
byAlejandro Franceschi
 
PDF
Central bank-digital-currency-opportunities-challenges-and-design
byRein Mahatma
 
PDF
Creative Brief - Kit Kat Valentine Campaign 2017
byWilliam Do
 
PDF
What is web3?
byRob Manson
 
PPTX
Digital Banking Strategy Roadmap - 3.24.15
byCalvin Turner
 
PDF
[Webinar] How to earn on travel in the new normal with klook
byTravelpayouts
 
PDF
Tracxn Travel India Startup Landscape - Feb 2015
byTracxn
 
PDF
FSI - Digital Transformation.pdf
byYasmineBoudhina
 
PDF
Introduction to Decentralized Finance - DeFi
byUmair Moon
 
PDF
From Customer Insights to Action
byCapgemini
 
PPTX
Presentation Popup Haiti IOM mission Knowledge Management System
bySafari Mupe
 
PDF
Top 5 DeFi Applications
by101 Blockchains
 
PPTX
What is the future of cryptocurrency
byCryptoknowmics
 
PDF
PMI Prompt Engineering | Gen AI Program Management
byPragati Singh
 
PDF
Mobile Growth Marketing: Strategy, Hacks and Tools
byAdrien Montcoudiol
 
PDF
Nft project proposal(as well as defi)
byYiQinyang2
 
PDF
Ethereum-Cryptocurrency (All about Ethereum)
byعطاءالمنعم اثیل شیخ
 
PPTX
DeFi PPT.pptx
byGloria Bell
 
PDF
Inypay Pitch Deck - March 2023-Latest copy 2.pdf
byMustafa Kuğu
 
PPTX
Bitcoin School Project
byAkashdeepKumar1
 
CITIBANK | METAVERSE AND MONEY
byAlejandro Franceschi
 
Central bank-digital-currency-opportunities-challenges-and-design
byRein Mahatma
 
Creative Brief - Kit Kat Valentine Campaign 2017
byWilliam Do
 
What is web3?
byRob Manson
 
Digital Banking Strategy Roadmap - 3.24.15
byCalvin Turner
 
[Webinar] How to earn on travel in the new normal with klook
byTravelpayouts
 
Tracxn Travel India Startup Landscape - Feb 2015
byTracxn
 
FSI - Digital Transformation.pdf
byYasmineBoudhina
 
Introduction to Decentralized Finance - DeFi
byUmair Moon
 
From Customer Insights to Action
byCapgemini
 
Presentation Popup Haiti IOM mission Knowledge Management System
bySafari Mupe
 
Top 5 DeFi Applications
by101 Blockchains
 
What is the future of cryptocurrency
byCryptoknowmics
 
PMI Prompt Engineering | Gen AI Program Management
byPragati Singh
 
Mobile Growth Marketing: Strategy, Hacks and Tools
byAdrien Montcoudiol
 
Nft project proposal(as well as defi)
byYiQinyang2
 
Ethereum-Cryptocurrency (All about Ethereum)
byعطاءالمنعم اثیل شیخ
 
DeFi PPT.pptx
byGloria Bell
 
Inypay Pitch Deck - March 2023-Latest copy 2.pdf
byMustafa Kuğu
 
Bitcoin School Project
byAkashdeepKumar1
 

Similar to Applying ML for Log Analysis

PPTX
SSH Brute Force Attack
byGroots Software Technologies.
 
PDF
Debugging Network Issues
byApcera
 
PDF
Tensorflow and python : fault detection system - PyCon Taiwan 2017
byEric Ahn
 
PDF
Managing Large-scale Networks with Trigger
byjathanism
 
PPTX
DevSecCon Singapore 2018 - System call auditing made effective with machine l...
byDevSecCon
 
PDF
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
byAPNIC
 
PPTX
Like bees to a honeypot - A journey through Honeypots
byMatthias Meidinger
 
PDF
Fosdem10
bywremes
 
PDF
Syslog Protocols
byMartin Schütte
 
PDF
Web 2.0 Performance and Reliability: How to Run Large Web Apps
byadunne
 
PDF
Infrastructure as code might be literally impossible / Joe Domato (packageclo...
byOntico
 
PDF
Practice and challenges from building IaaS
byShawn Zhu
 
PDF
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
byCanSecWest
 
PPTX
Attacking Big Data Land
byJeremy Brown
 
PDF
Big Data Approaches to Cloud Security
byPaul Morse
 
PDF
Infrastructure as code might be literally impossible
byice799
 
KEY
fog or: How I Learned to Stop Worrying and Love the Cloud
byWesley Beary
 
PDF
Ossec Lightning
bywremes
 
KEY
fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)
byWesley Beary
 
PPTX
Final Engagement
byJefferson Green
 
SSH Brute Force Attack
byGroots Software Technologies.
 
Debugging Network Issues
byApcera
 
Tensorflow and python : fault detection system - PyCon Taiwan 2017
byEric Ahn
 
Managing Large-scale Networks with Trigger
byjathanism
 
DevSecCon Singapore 2018 - System call auditing made effective with machine l...
byDevSecCon
 
IBCAST 2021: Observations and lessons learned from the APNIC Community Honeyn...
byAPNIC
 
Like bees to a honeypot - A journey through Honeypots
byMatthias Meidinger
 
Fosdem10
bywremes
 
Syslog Protocols
byMartin Schütte
 
Web 2.0 Performance and Reliability: How to Run Large Web Apps
byadunne
 
Infrastructure as code might be literally impossible / Joe Domato (packageclo...
byOntico
 
Practice and challenges from building IaaS
byShawn Zhu
 
CSW2017 Yuhao song+Huimingliu cyber_wmd_vulnerable_IoT
byCanSecWest
 
Attacking Big Data Land
byJeremy Brown
 
Big Data Approaches to Cloud Security
byPaul Morse
 
Infrastructure as code might be literally impossible
byice799
 
fog or: How I Learned to Stop Worrying and Love the Cloud
byWesley Beary
 
Ossec Lightning
bywremes
 
fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)
byWesley Beary
 
Final Engagement
byJefferson Green
 

More from DoiT International

PPTX
Terraform Modules Restructured
byDoiT International
 
PPTX
GAN training with Tensorflow and Tensor Cores
byDoiT International
 
PDF
Orchestrating Redis & K8s Operators
byDoiT International
 
PPTX
K8s best practices from the field!
byDoiT International
 
PPTX
An Open-Source Platform to Connect, Manage, and Secure Microservices
byDoiT International
 
PDF
Is your Elastic Cluster Stable and Production Ready?
byDoiT International
 
PPTX
GCP for AWS Professionals
byDoiT International
 
PPTX
Cloud Dataflow - A Unified Model for Batch and Streaming Data Processing
byDoiT International
 
PPTX
AWS Cyber Security Best Practices
byDoiT International
 
PPTX
Google Cloud Spanner Preview
byDoiT International
 
PPTX
Amazon Athena Hands-On Workshop
byDoiT International
 
PDF
AWS Athena vs. Google BigQuery for interactive SQL Queries
byDoiT International
 
PPTX
Google BigQuery 101 & What’s New
byDoiT International
 
PDF
Running Production-Grade Kubernetes on AWS
byDoiT International
 
PPTX
Scaling Jenkins with Kubernetes by Ami Mahloof
byDoiT International
 
PPTX
CI Implementation with Kubernetes at LivePerson by Saar Demri
byDoiT International
 
PPTX
Kubernetes @ Nanit by Chen Fisher
byDoiT International
 
PDF
Dataflow - A Unified Model for Batch and Streaming Data Processing
byDoiT International
 
PPTX
Kubernetes - State of the Union (Q1-2016)
byDoiT International
 
Terraform Modules Restructured
byDoiT International
 
GAN training with Tensorflow and Tensor Cores
byDoiT International
 
Orchestrating Redis & K8s Operators
byDoiT International
 
K8s best practices from the field!
byDoiT International
 
An Open-Source Platform to Connect, Manage, and Secure Microservices
byDoiT International
 
Is your Elastic Cluster Stable and Production Ready?
byDoiT International
 
GCP for AWS Professionals
byDoiT International
 
Cloud Dataflow - A Unified Model for Batch and Streaming Data Processing
byDoiT International
 
AWS Cyber Security Best Practices
byDoiT International
 
Google Cloud Spanner Preview
byDoiT International
 
Amazon Athena Hands-On Workshop
byDoiT International
 
AWS Athena vs. Google BigQuery for interactive SQL Queries
byDoiT International
 
Google BigQuery 101 & What’s New
byDoiT International
 
Running Production-Grade Kubernetes on AWS
byDoiT International
 
Scaling Jenkins with Kubernetes by Ami Mahloof
byDoiT International
 
CI Implementation with Kubernetes at LivePerson by Saar Demri
byDoiT International
 
Kubernetes @ Nanit by Chen Fisher
byDoiT International
 
Dataflow - A Unified Model for Batch and Streaming Data Processing
byDoiT International
 
Kubernetes - State of the Union (Q1-2016)
byDoiT International
 

Recently uploaded

PPT
Lecture_3 Network Securityeyeyggegeg.ppt
bysawsan202
 
PDF
Top 5 Snapchat Tracker Apps for Safe and Responsible Monitoring
byMichael Carter
 
PPTX
mc l2 Overview of Computer and Web-Technology.pptx
byavanikharde
 
PDF
Design For Test - Getting Test Automation value from Design Expressions.
byDavid Harrison
 
PPT
html-forms in web development-courseICT.
bymadz33
 
PPTX
Types of Cryptograph Symmetric Ceaser cipher and also about Assymetric
byhamzaabdulqadeer11
 
PDF
classification of elements and periodicity.pdf
byaryanshreya2010
 
PPTX
BIG DATA it is talking about the big data.pptx
byAbhishekGarg269
 
PDF
ARTIFICIAL INTELLIGENCE DEVELOPMENT SERVICE
bydavidjohansen1597
 
PPTX
COĞRAFYA ödevi 70 sayfa güzeldir hayırlı olsun
bydtilter
 
PPTX
Abhishek Jaiswal.ppt.pptx for you it is very useful for me and I am sharing w...
byabhishekjaiswal5th33
 
PPT
Lecture_3 Network Securityyyeyeyyeeyyeywy.ppt
bysawsan202
 
PPTX
Ideathon template.pptx it is a ideathon template
bykonav71133
 
PPT
Memory Organization In Assembly Language
byumairmuhammad0409
 
PDF
WShell Gameplay and Games of Games of Games
byzramirezmtz9
 
PDF
How Social Media Management Tools Work – Step-by-Step Guide
byTurrboo
 
PPTX
PRITHVI theater, A true artist. Newzfeaturez.pptx
bysc05digital
 
PDF
Xnspy vs FlexiSPY: 2025 Monitoring Comparison
byMichael Carter
 
DOCX
BestMaker.ai: The Complete Brand Story, Founder's Vision, and AI Creative Pla...
byssuser7381d6
 
PDF
ARTIFICIAL INTELLIGENCE DEVELOPMENT SERVICE
bydavidjohansen1597
 
Lecture_3 Network Securityeyeyggegeg.ppt
bysawsan202
 
Top 5 Snapchat Tracker Apps for Safe and Responsible Monitoring
byMichael Carter
 
mc l2 Overview of Computer and Web-Technology.pptx
byavanikharde
 
Design For Test - Getting Test Automation value from Design Expressions.
byDavid Harrison
 
html-forms in web development-courseICT.
bymadz33
 
Types of Cryptograph Symmetric Ceaser cipher and also about Assymetric
byhamzaabdulqadeer11
 
classification of elements and periodicity.pdf
byaryanshreya2010
 
BIG DATA it is talking about the big data.pptx
byAbhishekGarg269
 
ARTIFICIAL INTELLIGENCE DEVELOPMENT SERVICE
bydavidjohansen1597
 
COĞRAFYA ödevi 70 sayfa güzeldir hayırlı olsun
bydtilter
 
Abhishek Jaiswal.ppt.pptx for you it is very useful for me and I am sharing w...
byabhishekjaiswal5th33
 
Lecture_3 Network Securityyyeyeyyeeyyeywy.ppt
bysawsan202
 
Ideathon template.pptx it is a ideathon template
bykonav71133
 
Memory Organization In Assembly Language
byumairmuhammad0409
 
WShell Gameplay and Games of Games of Games
byzramirezmtz9
 
How Social Media Management Tools Work – Step-by-Step Guide
byTurrboo
 
PRITHVI theater, A true artist. Newzfeaturez.pptx
bysc05digital
 
Xnspy vs FlexiSPY: 2025 Monitoring Comparison
byMichael Carter
 
BestMaker.ai: The Complete Brand Story, Founder's Vision, and AI Creative Pla...
byssuser7381d6
 
ARTIFICIAL INTELLIGENCE DEVELOPMENT SERVICE
bydavidjohansen1597
 

Applying ML for Log Analysis

  • 1.
    Applying AI forLog Analysis July 2017
  • 2.
    Confidential and ProprietaryJuly 2017 Hi! Ronny Lehmann CTO & Founder – Loom Systems Formerly 8200, BioCatch Machine-Learning | High-performance Cloud-Computing @ronnyle_mann
  • 3.
    Confidential and ProprietaryJuly 2017 Founded in April 2015 30 people (5 in San Francisco) Bootstrap for 2 first years, recently funded Hiring very much
  • 4.
    Confidential and ProprietaryJuly 2017 Today’s Big-Data Bottleneck: You are. 2000’s Big-Data Bottlenecks: ✓ Storing ✓ Querying ✓ Real-time processing
  • 5.
    Confidential and ProprietaryJuly 2017 Good dev(ops) are hard-to-find Employee tenure very low (<3yrs. Source: PayScale) Operations is Tribal Knowledge Machines are very loyal, never ask for a raise and have excellent memory. Can (some) of this be done with machines?
  • 6.
    Confidential and ProprietaryJuly 2017 ➜“I’ve been hearing this for 20 years” Total Recall, a movie based on a book from 1966, featuring a self-driving car as science fiction. If Artificial-Intelligence has matured enough to drive your car, it can probably also help with your IT. Skeptic?!
  • 7.
    Confidential and ProprietaryJuly 2017 • Real-time trend detection • Pattern Recognition • Large Dimensionality • Complex State • Strict Methodology HUMANS Good at top-down tasks BOTS Superior at bottom-up tasks • Deep reasoning • Contextual thinking • Tired • Bored • Lazy • Frustrated • Married
  • 8.
    Confidential and ProprietaryJuly 2017 That’s what we do @ Loom Systems AIOps - Algorithmic IT operations Use Big Data and Machine Learning Technologies to Achieve a Data-Centric Approach to Availability and Performance Monitoring. Extend the Data-Centric Approach to Other ITOM (IT Operations Monitoring) Disciplines, and Seek to Exploit the Linkages It Allows Between ITOM, SIEM and Business Analytics
  • 9.
    Confidential and ProprietaryJuly 2017 Action •Remedy •Recommendation •Insight •Knowledge Root-Cause Analysis •Aggregation •Correlation •Causality Data Modelling •Visualizations •Define KPIs •Reporting •Rules & Thresholds Data Preparation •Collection •Normalization •Sanitizing •Preprocessing Cracking the science behind data-science
  • 10.
    Confidential and ProprietaryJuly 2017 Loom Ops – real-time AIOps Processing Semi-structured -> Structured Data MLP & Pattern Recognition Measure-All Analysis Behavior Tracking Anomaly Detection & Trend Prediction Correlation Engine Alerting Incident Enrichment Insights Engine Routing
  • 11.
    Confidential and ProprietaryJuly 2017 Three layers of context Generic Context Something being mentioned more than normal, or is appearing after long absence Something stopped/started happening Common Business Context Semantical words (timeout, Trojan, failure) Common Software Proprietary Business Context Names of business products, servers, applications..
  • 12.
    Confidential and ProprietaryJuly 2017 Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port 48278 ssh2 Processing Generic context – rate of this pattern in the logs Common Business Context – ➜ Contextual words (Warn, Failed) ➜ Common Entities (User, IP, ssh) Proprietary Business Context – ➜ Server Name Real-time Sturcturing, Clustering Token & Entity Extraction and Classification HistogrammegatronServer MetersshdApplication MeterronnyUser Meter192.168.118.1source_IP Random48278source_port Failed password for user [user] from [source_IP] port [source_port] ssh2
  • 13.
    Confidential and ProprietaryJuly 2017 Automatic Structuring
  • 14.
    Confidential and ProprietaryJuly 2017 Loom Ops – real-time AIOps Processing Semi-structured -> Structured Data MLP & Pattern Recognition Measure-All Analysis Behavior Tracking Anomaly Detection & Trend Prediction Correlation Engine Alerting Incident Enrichment Insights Engine Routing
  • 15.
    Confidential and ProprietaryJuly 2017 - This is not (only) anomaly-detection (!) Algorithms 3σ Baseline ARIMA Feature extraction Detection & Alerting History Scoring Self Feedback User Direct and Indirect Feedback Detection When tracking up to 1M signals -> must automatically determine what kind of detections are interesting for every signal (examples: website response time, ad- click rate)
  • 16.
    Confidential and ProprietaryJuly 2017 Root-Cause Analysis When something breaks, anomalies are everywhere. How do you know what to fix?
  • 17.
    Confidential and ProprietaryJuly 2017 Root-Cause Analysis When something breaks, everything starts complaining. How do you know what to fix?
  • 18.
    Confidential and ProprietaryJuly 2017 Automated Root-Cause Analysis. Aggregating the detections, correlating and determining causality between them. How?: ➜ Time-based causality ➜ Relationship-based analysis ➜ Graphs-based analysis Root-Cause Analysis
  • 19.
    Confidential and ProprietaryJuly 2017 Examples
  • 20.
    Confidential and ProprietaryJuly 2017 Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:57 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.1 port… Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user ronny from 192.168.118.16 port… Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user dror from 192.168.118.4 port… Sep 27 14:25:54 megatron sshd[7498]: WARN - Failed password for user john from 192.168.118.14 port… Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user dan from 192.168.118.121 port… Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user gab from 192.168.118.51 port… Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user anna from 192.168.118.66 port… Sep 27 14:25:55 megatron sshd[7498]: WARN - Failed password for user dan from 192.168.118.123 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user jim from 192.168.118.133 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user nate from 192.168.118.201 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user stan from 192.168.118.194 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user paul from 192.168.118.144 port… Sep 27 14:25:56 megatron sshd[7498]: WARN - Failed password for user avi from 192.168.118.81 port… Sep 27 14:25:57 megatron sshd[7498]: WARN - Failed password for user stas from 192.168.118.54 port… ronny is mentioned more than normal in the context of ssh failures The context of ssh failures is mentioned more than normal Root-Cause Analysis – Relationship Based
  • 21.
    Confidential and ProprietaryJuly 2017 Root-Cause Analysis- Graph Based
  • 22.
    Confidential and ProprietaryJuly 2017 Root-Cause Analysis- Graph Based
  • 23.
    Confidential and ProprietaryJuly 2017 Correlated Incidents
  • 24.
    Confidential and ProprietaryJuly 2017 Processing Semi-structured -> Structured Data MLP & Pattern Recognition Measure-All Analysis Behavior Tracking Anomaly Detection & Trend Prediction Correlation Engine Alerting Incident Enrichment Insights Engine Routing Real-Time AIOps
  • 25.
    Confidential and ProprietaryJuly 2017 Countering Alert Flooding / Alert Fatigue ➜ Overall rate of incidents ➜ Quality of an incident An incident report: ➜ Root-Cause Analysis ➜ History of similar incidents ➜ Insights & Recommendations Incident Enrichments
  • 26.
    Confidential and ProprietaryJuly 2017 Incident Enrichments
  • 27.

Editor's Notes

  • #5 They’re called data-scientists but these are analysts, SRE’s, DevOps and others
  • #7 ASK: Who here believes that self-driving cars will be successful? This book was released exactly 50 years ago. Indeed, science fiction sometimes takes too long to become reality Seriously – let’s get skepticism out of the way – I’m going to be talking about a working concept. It’s not the car, or the street, or the stoplight. It’s the AI. AI is mature, it’s ready
  • #8 Humans are better at top-down, or open-ended questions, such as “where should I open my next branch” Machines are superior in rigorous and exhausting tasks, such as “keep track on our sales in every state, sliced by affiliates, browsers; let me know if something happens”? Can we split responsibility?
  • #11 Analysis is comprised of processing, analyzing, understanding, then acting. Loom Ops does the processing, analyzing, and – to some-extent – the understanding. We must have automated processing if we want to: Track much more Ingest many sources …
  • #12 Loom covers the generic and common contexts, and will be able to inter-connect them with proprietary contexts
  • #13 The single log line will automatically be processed and translated to 8 different metrics! This is without going into sequence analysis Can you see how hard it is to extract value from machine data?
  • #16 We suppress “always-broken” alerts. The Machine-Learning based prioritization and filtering is self adjusting so that the incidents rate fits the size of the team
  • #17 Detection is very hard and usually ends with a vague lead – such as user complaints, high CPU You then go to the logs (single source of truth) but there’s all this noise. You find many unusual things in different log streams. This is RCA – the process of understanding that the kids are fighting, not because Silvia pushed John and he pushed back, but because they’re hungry
  • #18 Can you see how hard it is to extract value from machine data?
  • #21 The ops guy gets an alert – high-cpu on Authentication server. He starts searching the logs for errors, and after some serious amount of work, he narrows it down to this log line. Can you tell the difference in the meaning of the two scenarios?
  • #23 When things go wrong, it’s hard to tell the chain of causality
  • #26 We have less alerts because we suppress “always-broken” alerts, and with the help of ML-based prioritization and filtering. This reaches a much better result when compared to a human-built rule engine Can you see how hard it is to extract value from machine data? Then, it’s the quality of the incident, translating to MTTR. Fuzzy matching is crucial because no one uses ticketing systems. You need to get it in “push”. And you need to be able to provide simple, fast feedback
  • #27 BTW, Anomaly detection makes it possible for us to suppress “always-broken” alerts. We also used Machine-Learning based prioritization and filtering – we adjust the incidents rate to the size of the team. Fuzzy matching is crucial because no one uses ticketing systems. You need to get it in “push”. And you need to be able to provide simple, fast feedback