The Elastic X-Pack plugin predicts the dynamic baseline for our data and, according to that, identifies the anomalies out of the box.
All this stuff is done behind the scenes. My question is this: how does X-Pack learn from previous data and dynamically change the baseline? Does it use a specific algorithm?
Is there any documentation for this?
The algorithms used for Elasticsearch's Machine Learning are a mixture of techniques, including clustering, various types of time series decomposition, Bayesian distribution modelling and correlation analysis.
Here are some resources where you can dive deeper into how it works:
- 2018's Elastic{ON} featured this presentation: "The Math Behind Elastic Machine Learning"; a recording is available here: https://www.elastic.co/elasticon/conf/2018/sf/the-math-behind-elastic-machine-learning
- The C++ code which implements the core analytics for machine learning is available on GitHub: https://github.com/elastic/ml-cpp
I found some good answers on this website, which belongs to Prelert, the engine applied by Elastic for anomaly detection.