Smart Log Data Analytics by Florian Skopik & Markus Wurzenberger & Max Landauer

Author:Florian Skopik & Markus Wurzenberger & Max Landauer
Language: eng
Format: epub
ISBN: 9783030744502
Publisher: Springer International Publishing

5.4 Time Series Analysis

The time series derived from metrics such as the cluster size are the foundation for analytical anomaly detection. This section describes the application of TSA methods to model the cluster developments and perform anomaly detection by predicting future values of the time series.

5.4.1 Model

Time series are sequences of values y 0, y 1, y 2, … associated with specific points in time t = 0, 1, 2, …. For our purposes, a time step therefore describes the status of the internal and external transitions and their corresponding metrics of each cluster at the end of a time window. These sequences are modeled using appropriate methods such as autoregressive integrated moving-average (ARIMA) processes. ARIMA is a well-reasearched modeling technique for TSA that is able to include the effects of trends and seasonal behavior in its approximations [21].

Clearly, the length of the time series is ever increasing due to the constant stream of log messages and at one point its handling will become problematic either by lack of memory or by the fact that fitting an ARIMA model requires too much runtime. As a solution, only a certain amount of the most recent values are stored and used for the model as older values are of less relevance. The specific number of considered values depends on the available amount of resources and can be defined by the user.

Download

Copyright Disclaimer:
This site does not store any files on its server. We only index and link to content provided by other sites. Please contact the content providers to delete copyright contents if any and email us, we'll remove relevant links or contents immediately.