-
|
Hi, Is it possible to monitor data transfer volumes per IP address and set up alerts for deviations from normal patterns? Thanks. |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 1 reply
-
|
I think this sounds like a good fit for OpenSearch Dashboards' Anomaly Detection feature. I think I would start by creating a detector on Note that, in my experience at least, since this model is self-training, determining the baseline takes at least a couple of weeks' worth of data before you start getting useful anomalies. But once it's been running for a while on your data set it becomes pretty accurate. |
Beta Was this translation helpful? Give feedback.
-
|
thank you for suggestion, will try, cheers! |
Beta Was this translation helpful? Give feedback.
I think this sounds like a good fit for OpenSearch Dashboards' Anomaly Detection feature. I think I would start by creating a detector on
network.bytesand then create a bucket probably onsource.ipor mayberelated.ip. See the opensearch dashboards and opensearch documentation for more info.Note that, in my experience at least, since this model is self-training, determining the baseline takes at least a couple of weeks' worth of data before you start getting useful anomalies. But once it's been running for a while on your data set it becomes pretty accurate.