Machine Learning + Analytics

transcript

OperationalizingMachineLearningBrianNashSplunkArchitect;BusinessAnalytics,ML&IoT

DisclaimerDuringthecourseofthispresentation,wemaymakeforwardlookingstatementsregardingfuture

eventsortheexpectedperformanceofthecompany.Wecautionyouthatsuchstatementsreflectourcurrentexpectationsandestimatesbasedonfactorscurrentlyknowntousandthatactualeventsorresultscoulddiffermaterially.Forimportantfactorsthatmaycauseactualresultstodifferfromthose

containedinourforward-lookingstatements,pleasereviewourfilingswiththeSEC.Theforward-lookingstatementsmadeinthethispresentationarebeingmadeasofthetimeanddateofitslivepresentation.Ifreviewedafteritslivepresentation,thispresentationmaynotcontaincurrentoraccurateinformation.

Wedonotassumeanyobligationtoupdateanyforwardlookingstatementswemaymake.

Inaddition,anyinformationaboutourroadmapoutlinesourgeneralproductdirectionandissubjecttochangeatanytimewithoutnotice.Itisforinformationalpurposesonlyandshallnot,beincorporatedintoanycontractorothercommitment.Splunkundertakesnoobligationeithertodevelopthefeatures

orfunctionalitydescribedortoincludeanysuchfeatureorfunctionalityinafuturerelease.

WhyMachineLearning?

Humans are good at learning, but we get lost

in volume and details…

WhydoweneedMachineLearning?

- ImproveDecisionMaking- ForecastorPredictKPIs- AlertonDeviation- Uncoverhiddentrendsor

relationships

AllofthisrequiresDiverseDatafromacrossManySilos.LotsofUnstructured,RealTimeData.

RuntheBusinessinReal-time

DataFromthePast Real-timeData StatisticalForecastT– afewdays T+afewdays

SecurityOperationsCenter

ITOperationsCenter

BusinessOperationsCenter

Predictive(Models)

Descriptive(BITools,DataLakes) Greyspace

WhatisMachineLearning?

ML 101: What is Machine Learning?What: “Field of study that gives computers the ability to learn

without being explicitly programmed” – A. Samuel, 1959How: Generalizing (learning) from examples (data)

Simple ML workflow:– EXPLORE data– FIT models based on data– APPLY models in production– VALIDATE models– REPEAT

Learning From Data[Prediction]• When we see thick clouds and an overcast sky, we

predict that it’s likely going to rain

[Estimation/ Regression]• Estimate how much an apartment costs based on its

location, condition and prices of properties in that neighborhood

[Classification/ Clustering]• Determine the gender of a person based on her/his

features, hair style and the way s/he dresses

[Anomaly Detection] • Identify the odd one out

[Reinforcement Learning]• If I made a mistake this time, can I do better next time?

Allofushavehadsomeexperienceinlearning.But…what’sbehindourexperience?Howdowetranslatethatknowledgetocode?

Major Types of Machine Learning1. Supervised Learning: generalizing from labeled data

Major Types of Machine Learning2.Unsupervised Learning:generalizingfromunlabeled data?

3. Reinforcement Learning: • System is rewarded (or punished) based on the outcomes it generates• Action leads to a change in the state of the world and generates an error score

Major Types of Machine Learning

MachineLearningWithSplunk

OverviewofMLatSplunk

CorePlatformSearch PackagedPremiumSolutions CustomML

PlatformforOperationalIntelligence

SplunkITServiceIntelligence

GetData Defineservices,entitiesandKPIs

Monitorandtroubleshoot

Analyzeanddetect

Data-Defined,Data-DrivenServiceInsights

PackagedML:AdaptiveThresholdsandAnomalyDetection

OneofseveralPremiumSolutions

SplunkMachineLearningToolkit

Assistants: Guidemodelbuilding,testing,&deployingforcommonobjectivesShowcases: InteractiveexamplesfortypicalIT,security,business,IoTusecases

Algorithms: 25+standardalgorithmsavailableprepackagedwiththetoolkitSPLMLCommands:Newcommandstofit,testandoperationalizemodelsPythonforScientificComputingLibrary:300+opensourcealgorithmsavailableforuse

Buildcustomanalyticsforanyusecase

ExtendsSplunkplatformfunctionsandprovidesaguidedmodelingenvironment

Algorithmssupported(v2.0)

ITSI,UBA

DomainExpertise(IT,Security,…)

DataScienceExpertise

SplunkExpertise

CustomMachineLearning– SuccessFormula

Identifyusecases

Drivedecisions

Setbusiness/opspriorities

Dataprep

Statistics/mathbackground

Algorithmselection

Modelbuilding

SplunkMLToolkitfacilitatesandsimplifiesviaexamples&guidance

Operationalsuccess

Summary:TheMLProcessProblem:<Stuffintheworld>causesbigtime&moneyexpense.ValueHypothesisSolution:BuildMLmodeltoforecast<possibleincidents>,actpre-emptively&learn

nalize

1. Getalltherellevant datatotheproblem;Explore thedata

2. SelectandFitanalgorithem onthedata,generatingamodel

3. Apply &Validatemodelsuntilpredictionssolvetheproblem

4. SurfacethemodeltoXOps,whoconsumethemodeltosolvetheproblem

MachineLearningProcesswithSplunk

CollectData

Explore/Visualize

Evaluate

Clean/Transform

Publish/Deploy

props.conf,transforms.conf,DatamodelsAdd-onsfromSplunkbase,etc.

Pivot,TableUI,SPLMLToolkit

Alerts,Dashboards,Reports

SplunkArchitecture&ML

ContinuousDataIngestatScale

DevelopVisualize PredictAlertSearch

Engineers DataAnalysts

SecurityAnalysts

BusinessUsers

NativeInputsTCP,UDP,Logs,Scripts,Wire,Mobile

IndustrialData

SCADA,AMI,MeterReads

ModularInputsMQTT,AMQP,COAP,REST,JMS

HTTPEventCollectorTokenAuthenticatedEvents

RealTime

TechnologyPartnershipsKepware,AWSIoT,Cisco,PaloAlto

MaintenanceInfo

AssetInfo

DataStores

ExternalLookups/Enrichment

IndustrialAssets

ConsumerandMobileDevices

SenseandRespond

RealTime Search Alert

Third-PartyApplications

SmartphonesandDevices

Tickets

Sendanemail

Fileaticket

Sendatext

Flashlights

Triggerprocessflow

IndustrialAssets

EverySearchCanUseMachineLearning

Splunk:DataFabric

IndustrialAssets

RealTime

ITusers Analysts BusinessUsers

AdHocSearch

CustomDashboards

MonitorandAlert

Reports/Analyze

Clickstreams HadoopDevices Networks

GPS/Cellular

OnlineShoppingCarts

Servers Applications

Analysts BusinessUsers

DataWarehouses

StructuredDataSources

CRM ERP HR Billing Product Finance

DBConnectLook-ups

ODBCSDKAPI

Differentlenses intothesamedata

SCADAOpsCenter BizOpsCenter

ITOpsCenter

Compliance

SecurityOpsCenter

DataReuse=GreaterDataLeverageFraudOpsCenter,etc…

MachineLearningUseCases

MLIsAllAroundYou!Recall:EXPLORE>FIT>APPLY>VALIDATE>REPEAT

• Facedetection:findfacesinimages

• Spamfiltering:identifySPAMmessages

• ShoppingRecommendations:predictwhatcustomerswouldliketobuy

• Frauddetection:identifycreditcardtransactionswhichmaybefraudulentinnature

• Weatherforecast:predictwhetherornotitwillraintomorrow;estimatedailymax/min

MachineLearningCustomerSuccess

NetworkIncidentDetectionServiceDegradationDetection Security/FraudPrevention

PrioritizeWebsiteIssuesandPredictRootCause

PredictGamingOutagesFraudPrevention

MachineLearningConsultingServices AnalyticsAppbuiltonMLToolkit

Optimizingoperationsandbusinessresults

CellTowerIncidentDetectionOptimizeRepairOperations

Entertainment Company

MLToolkitCustomerUseCases

Speedingwebsiteproblemresolutionbyautomaticallyrankingactionsforsupportengineers

Reducingcustomerservicedisruptionwithearlyidentificationofdifficult-to-detectnetworkincidents

Minimizingcelltowerdegradationanddowntimewithimprovedissuedetectionsensitivity

Improvingcelltoweruptimeandreducingrepairtruckroleswithanomalydetectionandrootcauseanalysis

Predictingandavertingpotentialgamingoutageconditionswithfiner-graineddetection

EnsuringmobiledevicesecuritybydetectinganomaliesinIDauthentication

PreventingfraudbyIdentifyingmaliciousaccountsandsuspiciousactivitiesEntertainment Company

DetectNetworkOutliersReduceddowntime+increasedserviceavailability=bettercustomersatisfaction

MLUseCase Monitornoiserisefor20,000+celltowerstoincreaseserviceanddeviceavailability,reduceMTTR

Technicaloverview • Acustomizedsolutiondeployedinproductionbasedonoutlierdetection.• Leveragepreviousmonthdataandvotingalgorithms

“TheabilitytomodelcomplexsystemsandalertondeviationsiswhereITandsecurityoperationsareheaded…SplunkMachineLearninghasgivenusaheadstart...”

ReliablewebsiteupdatesProactivewebsitemonitoringleadstoreduceddowntime

“SplunkMLhelpsusrapidlyimproveend-userexperiencebyrankingissue severitywhichhelpsusdeterminerootcausesfasterthusreducingMTTRandimprovingSLA”

• Veryfrequentcodeandconfig updates(1000+daily)cancausesiteissues• Finderrorsinserverpools,thenprioritizeactionsandpredictrootcause

• CustomoutlierdetectionbuiltusingMLToolkitOutlierassistant• BuiltbySplunkArchitectwithnoDataSciencebackground

MLUseCase

Technicaloverview

NextSteps!

NextStepswithSplunkML• ReachouttoyourTechTeam!WecanhelparchitectMLworkflows.• LotsofMLcommandsinCoreSplunk(predict,anomalydetection,stats)

• MLToolkit&Showcase– availableandfree,readytouse

• SplunkITSI:AppliedMLforITOAusecases– Manage1000sofKPIs&alerts– AdaptiveThresholding&AnomalyDetection

• SplunkUBA:AppliedMLforSecurity– UnsupervisedlearningofUsers&Entities– SurfacesAnomalies&Threats

• MLCustomerAdvisoryProgram:– ConnectwithProduct&Engineeringteams- mlprogram@splunk.com

WhatElse?• GettheMachineLearningToolkitfromSplunkbase• GowatchMachineLearningVideosonSplunkYoutube Channel

http://tiny.cc/splunkmlvideos

• Go watchtheMachineLearningstalksfromConf 2016:– AdvancedMachineLearninginSPLwiththeMachineLearningToolkitbyJacob

Leverich– ExtendingSPLwithCustomSearchCommandsandtheSplunkSDKforPythonby

JacobLeverich

• EarlyAdopterAndCustomerAdvisoryProgram:mlprogram@splunk.com• FieldMLArchitects:AndrewStein(astein@),BrianNash(bnash@)

ThankYou

What’sNewsinceour0.9BetaRelease(lastyear’s.conf)?

• Newnameandabbreviation;-)• Noeventlimits(removalof50Klimitonfittingmodels)

• Configurableresourcecapsviamlspl.conf

• Searchheadclusteringsupport• Distributed/streamingapply• Scheduledfit• Newalgorithms(nextslide)

– Featureengineeringandselection– Stochasticgradientdescent(e.g.)– ARIMA

• Multi-algorithmsupportacrossAssistants

• Scatterplotmatrixviz• Alerting• Tooltips• In-apptours• ClusterNumericEventsassistant• VideosvideosvideosforeachassistantacrossIT,Security,IoT andBusinessAnalytics

• ML-SPLCheatSheet