As the volume of observability data explodes, relying solely on human analysis can lead to undesired impacts on apps and infrastructure, as well as unsustainable SRE and developer workload. Learn how machine learning features embedded in Elastic Observability workflows enable reliability, efficiency, and sustainability outcomes for enterprise IT teams — no data scientists required.
Realizing your AIOps goals with machine learning in Elastic
1. Realizing your AIOps goals with
Elastic Machine Learning
Mukesh Gadiya | Sr. Manager, Product Management
Tom Grabowski | Principal Product Manager
Jim Avazpour | Director of Infrastructure @Cerner
2. This presentation and the accompanying oral presentation contain forward-looking statements, including statements
concerning plans for future offerings; the expected strength, performance or benefits of our offerings; and our future
operations and expected performance. These forward-looking statements are subject to the safe harbor provisions
under the Private Securities Litigation Reform Act of 1995. Our expectations and beliefs in light of currently
available information regarding these matters may not materialize. Actual outcomes and results may differ materially
from those contemplated by these forward-looking statements due to uncertainties, risks, and changes in
circumstances, including, but not limited to those related to: the impact of the COVID-19 pandemic on our business
and our customers and partners; our ability to continue to deliver and improve our offerings and successfully
develop new offerings, including security-related product offerings and SaaS offerings; customer acceptance and
purchase of our existing offerings and new offerings, including the expansion and adoption of our SaaS offerings;
our ability to realize value from investments in the business, including R&D investments; our ability to maintain and
expand our user and customer base; our international expansion strategy; our ability to successfully execute our
go-to-market strategy and expand in our existing markets and into new markets, and our ability to forecast customer
retention and expansion; and general market, political, economic and business conditions.
Additional risks and uncertainties that could cause actual outcomes and results to differ materially are included in
our filings with the Securities and Exchange Commission (the “SEC”), including our Annual Report on Form 10-K for
the most recent fiscal year, our quarterly report on Form 10-Q for the most recent fiscal quarter, and any
subsequent reports filed with the SEC. SEC filings are available on the Investor Relations section of Elastic’s
website at ir.elastic.co and the SEC’s website at www.sec.gov.
Any features or functions of services or products referenced in this presentation, or in any presentations, press
releases or public statements, which are not currently available or not currently available as a general availability
release, may not be delivered on time or at all. The development, release, and timing of any features or functionality
described for our products remains at our sole discretion. Customers who purchase our products and services
should make the purchase decisions based upon services and product features and functions that are currently
available.
All statements are made only as of the date of the presentation, and Elastic assumes no obligation to, and does not
currently intend to, update any forward-looking statements or statements relating to features or functions of services
or products, except as required by law.
Forward-Looking Statements
3. By 2023, 40% of DevOps teams will augment
app and infra monitoring tools with AIOps
platform capabilities to decrease mean time
to problem resolution and the resultant
operational costs.
Gartner Market Guide for AIOps Platform,
November 2019
4.
What constitutes an AIOps platform?*
• Ingesting data from various sources for cross-domain analysis
• Real time anomaly detection based on historical data analysis
• Storing and providing access to the raw data
• Suggesting prescriptive responses to analysis
• Initiating an action or next step based on the prescription
* Gartner Market Guide for AIOps Platform, November 2019
6. Machine Learning: Anomaly Detection
10 years development & industry leading technology
• Unsupervised machine learning: automatically detect anomalies, outliers from group, and rare events
• Sophisticated ML Job UI: interactive views of model and anomaly scoring
• Root cause analysis: report on factors influencing anomalies
• On-Demand Forecasting: forecast out time series metrics
7. AIOps outcomes enabled by Elastic Machine Learning
• Reduce MTTR for SREs (Demo)
– Alert noise reduction
– Anomalies correlation
– Root cause analysis
– Log categories
• Reduce time to value for Dev teams
– Auto-grok for custom log parsing
– One click ML integration in APM, Logs, Infra metrics and Synthetics
9. Who is Cerner?
• Cerner Corporation is a supplier of healthcare information technology (HCIT) systems, services, devices and hardware
– 29,000 employees in 30 countries
• Cerner’s Millennium Service provides Electronic Medical Record (EMR) access to 27,000 customers (hospitals, doctors, etc.) in 26 countries
• Cerner Network
– 19 Data Centers (11 in US)
– Carrier Grade Network
– 170,000 servers
– 1,900 circuits
– Nationwide fiber rings
– 560,000 network ports
– 500 Remote Hosted Clients
– 260,000 Peak Concurrent Users
10. Large Scale Infrastructure Monitoring Challenges
• Data Volume
– Require cost-effective, scalable and resilient ingestion platforms
• Gaps In Monitoring Resolutions
– Data Feed 1 (DF1): industry standard alert intervals are set too high to reduce noise
– Data Feed 2 (DF2): every violation must generate an alert
– DF1 vs DF2: not all alerts need to be console bound
• Lower MTTK & MTTR
– Alert tagging for service to resource mapping
– Grouping and categorizing service-related violations
• Utilizing Machine Learning
– Baselining, Deviation from normal
– Identifying abnormalities
11. Thank You!
• Sign up on Elastic Cloud and try the power of Elastic ML
○ https://cloud.elastic.co/registration
• Elastic ML Case studies
○ Cerner, TMobile, Sky, PostBank, ETrade, IHG
• Elastic ML Forum
○ https://discuss.elastic.co/tag/stack-machine-learning
13. Delivering ML solutions throughout the data science process
Machine Learning end-to-end methodology
Define a ML problem and propose a solution → Construct your dataset → Transform data → Train a model → Use the model to make predictions
Elastic Stack delivers an end-to-end machine learning pipeline providing the path from raw data to building, testing, and deploying machine learning models in production
14. Which customers are likely to churn?
Data is often raw logs
{ "customer_id": "028fa21e", "session_id": "MA0l6PC5", "@timestamp": "2019-05-08T18:46:22", "request_type": "streaming_tv", "channel": "bbc", "title": "Line of Duty" }
{ "customer_id": "a4ca7c7c", "session_id": "LMSXQXHg", "@timestamp": "2019-05-08T18:49:34", "request_type": "streaming_film", "channel": "ziggo", "title": "Glass" }
{ "customer_id": "avad97s3", "session_id": "LMSXQXHg", "@timestamp": "2019-05-08T18:50:34", "request_type": "streaming_film", "channel": "ziggo", "title": "Glass" }
{ "customer_id": "dce909a0", "session_id": "MA0l6PC5", "@timestamp": "2019-05-08T18:51:23", "request_type": "streaming_film", "channel": "ziggo", "title": "Glass" }
{ "customer_id": "vfva09a09", "session_id": "LMSXQXHg", "@timestamp": "2019-05-08T18:52:14", "request_type": "streaming_film", "channel": "ziggo", "title": "Glass" }
{ "customer_id": "sdfd9s90", "session_id": "MA0l6PC5", "@timestamp": "2019-05-08T18:54:51", "request_type": "streaming_film", "channel": "ziggo", "title": "Glass" }
...
Customer behavior is often described by aggregate features
15. Transform raw data to a feature index
RAW Data
{
  "customer_id": "028fa21e",
  "session_id": "MA0l6PC5",
  "@timestamp": "2019-05-08T18:46:22",
  "request_type": "streaming_tv",
  "channel": "bbc",
  "title": "Line of Duty"
},
{
  "customer_id": "a4ca7c7c",
  "session_id": "LMSXQXHg",
  "@timestamp": "2019-05-08T18:49:34",
  "request_type": "streaming_film",
  "channel": "ziggo",
  "title": "Glass"
},
...
PUT _transform/customer_behaviour
{
  "source": {
    "index": ["viewing_logs"]
  },
  "description": "Pivot viewing logs to customer-centric index",
  "dest": {"index": "customer_behaviour"},
  "pivot": {
    "group_by": {
      "customer_id": {"terms": {"field": "customer_id"}}
    },
    "aggregations": {
      "total_tv_shows": {...},
      "total_films": {...},
      ...
    }
  }
}
Customer Index
{
  "customer_id": "028fa21e",
  "total_tv_shows": 10,
  "total_films": 2,
  "total_watching_duration": 72123,
  "last_active": "2019-05-08T18:46:22",
  ...
},
{
  "customer_id": "a4ca7c7c",
  "total_tv_shows": 23,
  "total_films": 8,
  "total_watching_duration": 184212,
  "last_active": "2019-05-08T18:49:34",
  ...
},
...
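What the pivot on this slide does to the raw events, shown as an added Python example (not code from the presentation or from Elastic). The sample events are constructed, and because the slide elides the aggregation bodies, the counting rules, the `distinct_titles` feature and the function name `pivot_by_customer` are assumptions.

```python
from collections import defaultdict

# Constructed sample events in the shape of the slide's raw viewing logs.
VIEWING_LOGS = [
    {"customer_id": "028fa21e", "@timestamp": "2019-05-08T18:46:22",
     "request_type": "streaming_tv", "title": "Line of Duty"},
    {"customer_id": "a4ca7c7c", "@timestamp": "2019-05-08T18:49:34",
     "request_type": "streaming_film", "title": "Glass"},
    {"customer_id": "028fa21e", "@timestamp": "2019-05-09T20:00:00",
     "request_type": "streaming_film", "title": "Glass"},
    {"customer_id": "028fa21e", "@timestamp": "2019-05-08T19:30:00",
     "request_type": "streaming_tv", "title": "Line of Duty"},
    {"@timestamp": "2019-05-08T19:31:00",  # no customer_id: cannot be grouped
     "request_type": "streaming_tv", "title": "Line of Duty"},
]


def pivot_by_customer(events):
    """Group raw events by customer_id and compute per-customer features.

    Assumed aggregations (the slide elides them): counts filtered on
    request_type, number of distinct titles, and the latest @timestamp.
    """
    groups = defaultdict(lambda: {"tv": 0, "films": 0, "titles": set(), "last": ""})
    for ev in events:
        cid = ev.get("customer_id")
        if cid is None:
            continue  # this example skips events that lack the group-by key
        g = groups[cid]
        if ev.get("request_type") == "streaming_tv":
            g["tv"] += 1
        elif ev.get("request_type") == "streaming_film":
            g["films"] += 1
        if "title" in ev:
            g["titles"].add(ev["title"])
        # ISO-8601 timestamps of equal precision compare correctly as strings.
        g["last"] = max(g["last"], ev.get("@timestamp", ""))
    # One output document per customer, like the destination index on the slide.
    return [
        {"customer_id": cid, "total_tv_shows": g["tv"], "total_films": g["films"],
         "distinct_titles": len(g["titles"]), "last_active": g["last"]}
        for cid, g in sorted(groups.items())
    ]


if __name__ == "__main__":
    for doc in pivot_by_customer(VIEWING_LOGS):
        print(doc)
```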
16. Build a model on historical data that has a churn indicator
                                           customer a    customer b
total duration of customer sessions        80:21:07      1:01:11
tv episodes watched                        24            1
films watched in last month                5             0
newness of titles watched in last month    9.8           1.2
Change in duration                         6:22:17       16:43:29
subscription plan                          gold          platinum
customer tenure                            32            26
has churned?                               no            yes
ML Supervised Model: train/validate/test
Model Name: churn_e2r21
Model Precision: 96.3%
Model Recall: 95.7%
Model F1 score: 96.0%
17. Use model inference to make predictions on streaming data
                                           customer c    Feature Influence
total duration of customer sessions        10:10:06      0.1
tv episodes watched                        2             0.8
films watched in last month                1             0.8
newness of titles watched in last month    1.6           0.01
change in duration this month              17:22:17      0.6
customer plan                              gold          0.01
customer tenure                            5             0.1
ML Supervised Model: predict
will churn? p(churn) = 97%