OpenSearch - Anomaly Detector

372 Views Asked by Shahzad Masud At 19 October 2024 at 21:31

Context:
There are four fields in my data stream (text), id, userName, loginDateTime, loginGeoLocation. A user shouldn't be allowed to log in from different machines (geoLocation), but they are logging in from multiple machines. Data Stream is coming from many external systems & we don't have any control over it, and landing on a Kafka topic, and a logstash pipeline is picking up from and pushing to OpenSearch Indice.

Problem Statement: I want to identify (alert) if some user login from a totally different location than is frequent. For example user-a login from Redwood, CA - but suddenly login from Boston, MS. On this action an alert trigger and send email/push/notify etc. How can we achieve this using pipeline, logstash or any method available with OpenSearch other than development or interceptor on stream.

Original Q&A

There are 1 best solutions below

Shahzad Masud On 26 April 2022 at 04:52

After spending a lot of time, figured out two ways for this,

Create an anomaly detection (https://www.elastic.co/guide/en/machine-learning/7.17/ml-configuring-detector-custom-rules.html)
Use fingerprint filter from logstash while ingressing data (https://www.elastic.co/blog/logstash-lessons-handling-duplicates)
Customise the plugin to use custom written rules (https://github.com/logstash-plugins/logstash-input-java_input_example)

OpenSearch - Anomaly Detector

There are 1 best solutions below

Related Questions in KIBANA

Related Questions in ANOMALY-DETECTION

Related Questions in OPENSEARCH

Related Questions in OPENSEARCH-DASHBOARDS

Trending Questions

Popular # Hahtags

Popular Questions