In the third task, you will need to find the reason for some anomalous log spikes. Every now and then the application is logging much more than usual. From a technical perspective there is no obvious reason for it (e.g. no cron job running).
Within the Machine Learning menu in Kibana you can find “Explain Log Rate Spikes”. Use this with the Python Logs saved search. Make sure that you set the Deviation (the time range of the spike) and the Baseline (the normal period it is compared against) based on your needs.
The expected finding is the user named hack0r who tries to get enrichment data from the database.
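The analysis Kibana performs here compares how often each field value appears in the baseline window against the deviation window and ranks values by how much their share grew. The following Python is an added example, not part of the workshop or Kibana's own implementation: it builds a constructed set of log lines (the user name hack0r and the enrichment query are taken from the task above; timestamps, the other users and the message text are made up), finds the spiking minutes against the median rate, and reports which `user` value explains the spike.

```python
from collections import Counter
from datetime import datetime, timedelta


def _build_sample_logs():
    """Constructed sample data, not the workshop's Python Logs.
    Format of each line: "<ISO-8601 timestamp> user=<name> msg=<text>"."""
    base = datetime(2024, 1, 1, 12, 0, 0)
    lines = []
    # Baseline: 10 minutes of ordinary traffic, 6 lines per minute from alice and bob.
    for minute in range(10):
        for i in range(6):
            ts = base + timedelta(minutes=minute, seconds=i * 10)
            user = "alice" if i % 2 == 0 else "bob"
            lines.append(f"{ts.isoformat()} user={user} msg=GET /api/items")
    # Deviation: 2 minutes where normal traffic continues, but hack0r adds 40 lines/min.
    for minute in range(10, 12):
        for i in range(6):
            ts = base + timedelta(minutes=minute, seconds=i * 10)
            user = "alice" if i % 2 == 0 else "bob"
            lines.append(f"{ts.isoformat()} user={user} msg=GET /api/items")
        for i in range(40):
            ts = base + timedelta(minutes=minute, seconds=i)
            lines.append(f"{ts.isoformat()} user=hack0r msg=SELECT * FROM enrichment")
    return lines


SAMPLE_LOGS = _build_sample_logs()


def parse_line(line):
    """Parse one log line into (timestamp, {"user": ..., "msg": ...})."""
    ts_str, user_kv, msg_kv = line.split(" ", 2)
    return datetime.fromisoformat(ts_str), {
        "user": user_kv.split("=", 1)[1],
        "msg": msg_kv.split("=", 1)[1],
    }


def rate_per_minute(entries):
    """Count log lines per one-minute bucket, keyed by bucket start."""
    counts = Counter()
    for ts, _ in entries:
        counts[ts.replace(second=0, microsecond=0)] += 1
    return counts


def find_spike_buckets(counts, factor=3.0):
    """Return buckets whose count exceeds `factor` times the median bucket count.
    The median is used as the normal rate so a few spike buckets do not drag it up."""
    values = sorted(counts.values())
    median = values[len(values) // 2]
    return sorted(b for b, c in counts.items() if c > factor * median)


def explain_spike(entries, baseline, deviation, field):
    """Rank values of `field` by how much their share grew from the baseline window
    to the deviation window. Windows are (start, end): start inclusive, end exclusive.
    Returns rows of (value, baseline_share, deviation_share, lift), highest lift first."""
    def share(window):
        start, end = window
        c = Counter(f[field] for ts, f in entries if start <= ts < end)
        total = sum(c.values())
        return {v: n / total for v, n in c.items()}, total

    base_share, base_total = share(baseline)
    dev_share, dev_total = share(deviation)
    if base_total == 0 or dev_total == 0:
        return []
    rows = []
    for value, dev_p in dev_share.items():
        base_p = base_share.get(value, 0.0)
        # Floor the baseline share so a value absent from the baseline still gets a finite lift.
        lift = dev_p / max(base_p, 1.0 / (base_total + 1))
        rows.append((value, round(base_p, 3), round(dev_p, 3), round(lift, 1)))
    rows.sort(key=lambda r: r[3], reverse=True)
    return rows


def analyse(lines):
    """Detect spiking minutes and attribute them to a user. The baseline is taken as
    everything before the first spike bucket (an assumption that fits the sample data)."""
    entries = [parse_line(line) for line in lines]
    counts = rate_per_minute(entries)
    spikes = find_spike_buckets(counts)
    if not spikes:
        return None
    deviation = (spikes[0], spikes[-1] + timedelta(minutes=1))
    baseline = (min(counts), spikes[0])
    return {
        "spike_buckets": spikes,
        "by_user": explain_spike(entries, baseline, deviation, "user"),
    }


if __name__ == "__main__":
    result = analyse(SAMPLE_LOGS)
    for bucket in result["spike_buckets"]:
        print("spike at", bucket.isoformat())
    for value, base_p, dev_p, lift in result["by_user"]:
        print(f"{value:8} baseline={base_p:.3f} deviation={dev_p:.3f} lift={lift}")
```

In the sample data alice and bob each hold half of the baseline traffic, while hack0r is absent from the baseline and accounts for roughly 87% of the lines in the spike minutes, so it comes out on top of the ranking. In Kibana the same comparison is run over every keyword field of the documents, which is why narrowing the Baseline and Deviation ranges to the actual quiet period and the actual spike matters: a baseline that already contains part of the spike shrinks the lift of the responsible value.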
After finding the result, it would be a good idea to create a case about it. IT Security will then take care of it from that point. You can do this under Observability -> Cases.
When you’ve found the issue, think about what you should do with that information to make sure it’s handled appropriately.