How time series metrics and machine learning are revolutionizing predictive analysis

 Reading time: 5

In the fast-paced world of data, time series metrics act as windows to the past and doors to the future. Each point in time encapsulates valuable information that, when correctly interpreted, can reveal trends, hidden patterns, and significant projections. However, analyzing time series metrics can be challenging due to their dynamic nature and the presence of noise and variability. This is where the transformative power of machine learning comes into play, offering advanced tools and techniques to model, predict, and make data-driven decisions based on temporal data. In this post, we will explain how the combination of machine learning and time series metrics notably facilitates predictive analysis of issues that may occur in our infrastructure.

What does Machine Learning offer us about infrastructure metrics?

Early detection of problems

With the use of Machine Learning, we can detect patterns and trends in infrastructure metrics that may indicate a problem. For example, an increase in CPU load on a server may signal that a specific process is not functioning correctly and consuming too many resources. By detecting these problems early, we can take preventive measures before they become a major issue.

Resource optimization

Analyzing infrastructure metrics with Machine Learning can help identify resources that are not being used efficiently. For example, you may identify servers with an over allocation of resources to evenly distribute where needded. This can help reduce costs and improve overall system efficiency.

Faster problem resolution

With the use of Machine Learning, large amounts of infrastructure metrics can be analyzed to identify the root cause of a problem faster.

Decrease in incidents

By using Machine Learning to identify these patterns, problems can be detected before they become major issues and accurate and timely alarms can be generated to alert the operations team.

What technology can we use to apply Machine Learning to our time series metrics?

There is a wide number of tools available to apply machine learning to our time series metrics, and we find an impressive variety. However, in this blog, we will focus on a particular tool that has proven its worth at Datadope: Elasticsearch. This powerful platform allows us to analyze large volumes of data efficiently, identify patterns and trends, and build predictive models to improve decision-making before problems actually arise.


Machine Learning in Elasticsearch: Detecting Anomalies Efficiently

At the core of Elasticsearch there are powerful anomaly detection “jobs,” designed to identify anomalous patterns in data or, in our case, time series metrics. These jobs leverage a variety of machine learning techniques that will help us analyze and understand infrastructure metrics, allowing for early and accurate detection of potential issues.

Anomaly Detection Models

Elasticsearch uses a combination of anomaly detection methods, such as:

Statistical Models
Unsupervised Learning
Supervised Learning
  • Statistical Models: These models are based on statistics to identify data points that deviate significantly from the overall trend. They include methods such as standard deviation or Grubbs’ outlier value.
  • Unsupervised Learning: Elasticsearch implements unsupervised learning algorithms, such as clustering, to identify groups of data points that behave differently from the rest of the time series.
  • Supervised Learning: In addition, supervised learning models are used to train the system based on data labeled previously as normal or anomalous, allowing for more accurate and personalized anomaly detection.

It is important to note that while anomaly detection in Elasticsearch is primarily based on unsupervised learning techniques, supervised information can also be used in certain cases to improve the accuracy and generalization capability of the model. For example, a user can provide labels for known anomalies to help the system learn and improve its ability to identify anomalies in new data. However, the main focus remains unsupervised learning, as anomaly detection is mostly performed without the need for additional information in the data, just the time series metrics themselves.

Below is a chart of time series metrics (dark blue line) showing detected anomalous behavior (points) compared to expected behavior (light blue shading).

Adaptability and Scalability

What sets Elasticsearch’s anomaly detection jobs apart is their ability to dynamically adapt to changes in the data and scale to handle datasets of any size. This means that Elasticsearch is capable of offering consistent and effective anomaly detection, even in infrastructure environments experiencing frequent changes and that can easily scale to handle large volumes of data.

Examples of anomaly detection functions offered by Elasticsearch

There is a wide variety of functions that we can use in Elasticsearch’s anomaly detection jobs, but based on our experience in using these functions, the ones that provide the most value to us for applying machine learning to infrastructure time series metrics are as follows:

  • Low/High Count: These functions identify periods of time when the event count exceeds a specific threshold. For example, it could detect unexpected spikes in traffic on a web server, which could indicate possible malicious activity or a sudden increase in demand for services. This would provide an early warning of potential performance or security issues that need attention.
  • Low/High Sum: These functions identify periods of time where the sum of metric values exceeds a specific threshold. For example, it could detect an increase in CPU usage on a server, which could indicate system overload or unusual activity. This would allow us to take preventive measures to avoid service interruptions or performance degradation.
  • Min/Max: These functions identify the minimum or maximum value within a specific time interval within a time series. For example, if we are monitoring server temperature, the min function can help us identify the minimum temperature value recorded at a specific time. If we observe an unusually low minimum compared to the historical time series, it could indicate an issue, such as a failure in the server’s cooling system.

It will be very important to know the metrics we are dealing with at all times and the values we are receiving to apply the function that best suits our problem detection needs. I mean by this that, for example, if we are receiving a memory usage metric, we may not use the same function if we receive the percentage of usage as value, as if we receive the exact value in bytes of the current memory usage.


In the world of technology infrastructure management, the analysis of time series metrics plays a crucial role in performance monitoring, issue detection, and informed decision-making. However, the complexity and scale of these data require advanced approaches to extract meaningful insights. This is where the power of machine learning and Elasticsearch’s anomaly detection functions come into play.

Ultimately, by adopting a proactive mindset and effectively using these tools, we can be better prepared to face the challenges of tomorrow.

Sergio Ferrete
Ana Ramírez

Ana Ramírez

Did you find it interesting?

Leave a Reply

Your email address will not be published. Required fields are marked *