Splunk + Prelert : Anomaly Detection With Machine Learning Analytics

Last week, i updated the old Splunk in my Laptop. Last version that i have is version 4.x.x. I got an email from Prelert about their new feature. For you who don’t know about Prelert : Prelert is a layer of highly advanced predictive analytics software that easily integrates with and turbocharges your existing management tools. It enables truly proactive management by automatically learning the normal behaviour of your application and supporting environment and alerting you to potential problems as they develop. Prelert is Splunk App that can enhance Splunk feature into anomaly detection through machine learning process.

Anomaly Detective’s self-learning predictive analytics with machine intelligence assistance recognize both normal and abnormal machine behavior. Using highly advanced pattern recognition algorithms, Anomaly Detective identifies developing issues and provides detailed diagnostic data, enabling IT experts to avoid problems or diagnose them as much as 90 percent faster than previously possible

Prelert Dashboard feature included :

QuickMode - quickly converts your existing timechart searches to on-going, proactive anomaly searches
Real-Time - detect developing anomalies using continuous background anomaly searches
Compare - use to compare two searches at different times
AutoDetect - extend an ad-hoc Splunk search with on-the-fly anomaly detection
Categorize - automatically categorizes raw text fields based on similarity of text strings

Prelert

Since the new version of Prelert (3.1.8) needs the latest Splunk version, so i have to update my Splunk first.

This post just a quick post for introduction in Splunk, Splunk Apps, and Prelert. Maybe my next post will tell you about technical explanation step by step how to setup your Splunk, and setup Prelert in Splunk.

Below is some screenshots from my Splunk Dashboard, example of some Splunk Apps, and Dahboard for Prelert anomaly detective :

Splunk Version