Cloudera Community

Support Questions

Find answers, ask questions, and share your expertise
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Advanced Search
Solved Go to solution

Event Correlation and Anomaly Detection in metron

Labels:
avatar
author-rank alizadeh_uut1
Rising Star

Created ‎10-02-2016 11:07 AM

hello to all,

I have reviewed metron docs and it's been indicated (for many times) that telemetry correlation and anomaly detection are two of metron main tasks.

Now i need to know which components do these tasks. I'm interested to see the source code doing correlation & anomaly detection.

Has anyone any idea?does anybody know where can I find them?

Thanks in advance.

3,692 Views
1 ACCEPTED SOLUTION

avatar
author-rank sball author-rank
Guru

Created ‎10-21-2016 08:16 PM

There are a variety of meanings of correlation in Metron.

One means is adding correlation keys in the enrichment process, which then allow you to view events together once they are indexed. So you can correlate events by adding a common search key you can then pivot on in Kibana. This is a great means of investigating correlations between alerts and events.

For a more statistical approach to correlation, you will want to look into the profiler which maintains windows of data, which can then be used to correlate time series data using, for example, arima in a model managed by the model as a service infrastructure. This area of Metron is growing quite fast at the moment. I would suggest also looking at the Stellar statistics functions which can be used to build simple anomaly based models as well. It's also easy enough to add functions to Stellar if you want to extend the functionality.

View solution in original post

2,385 Views
4 REPLIES 4

avatar
author-rank sball author-rank
Guru

Created ‎10-21-2016 08:16 PM

There are a variety of meanings of correlation in Metron.

One means is adding correlation keys in the enrichment process, which then allow you to view events together once they are indexed. So you can correlate events by adding a common search key you can then pivot on in Kibana. This is a great means of investigating correlations between alerts and events.

For a more statistical approach to correlation, you will want to look into the profiler which maintains windows of data, which can then be used to correlate time series data using, for example, arima in a model managed by the model as a service infrastructure. This area of Metron is growing quite fast at the moment. I would suggest also looking at the Stellar statistics functions which can be used to build simple anomaly based models as well. It's also easy enough to add functions to Stellar if you want to extend the functionality.

2,386 Views

avatar
author-rank alizadeh_uut1
Rising Star

Created ‎10-31-2016 07:51 AM

@Simon Elliston Ball @Timothy Spann

thank you both for your helpful answers, actually it took me a while to go through your links, but now I know what I needed.

2,385 Views
0 Kudos

avatar
author-rank abras
Explorer

Created ‎05-23-2018 09:47 AM

Could you elaborate on your findings please ? How can I trigger a complex alarm involving simple alarms from different logs ? Is Stellar of any help for it ?

2,385 Views
0 Kudos
Announcements
What's New @ Cloudera
Cloudera Data Engineering 1.23: Access Spark from Your Favor...
What's New @ Cloudera
HBase REST server scaling support is Generally Available
What's New @ Cloudera
New CLI option in the update-database command
What's New @ Cloudera
New Action menu item in the Cloudera Operational Database UI
What's New @ Cloudera
Get the list of supported instance types in the Cloudera Ope...
View More Announcements