{"id":19144,"date":"2016-04-11T21:30:24","date_gmt":"2016-04-11T18:30:24","guid":{"rendered":"https:\/\/www.altoros.com\/blog\/?p=19144"},"modified":"2019-06-20T03:51:21","modified_gmt":"2019-06-20T00:51:21","slug":"how-to-use-elastic-services-for-anomaly-detection-in-an-ibm-bluemix-app","status":"publish","type":"post","link":"https:\/\/www.altoros.com\/blog\/how-to-use-elastic-services-for-anomaly-detection-in-an-ibm-bluemix-app\/","title":{"rendered":"How to Use Elastic Services for Anomaly Detection on IBM Bluemix"},"content":{"rendered":"<p>This post explains how to use the ELK services\u2014<a href=\"https:\/\/www.elastic.co\/elasticsearch\/\" target=\"_blank\" rel=\"noopener noreferrer\">Elasticsearch<\/a>, <a href=\"https:\/\/www.elastic.co\/logstash\/\" target=\"_blank\" rel=\"noopener noreferrer\">Logstash<\/a>, and <a href=\"https:\/\/www.elastic.co\/kibana\/\" target=\"_blank\" rel=\"noopener noreferrer\">Kibana<\/a>\u2014to detect anomalies in an application. Additionally, we integrate <a href=\"https:\/\/www.elastic.co\/what-is\/kibana-alerting\" target=\"_blank\" rel=\"noopener noreferrer\">Watcher<\/a> to send an e-mail when an anomaly happens.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Scenario\"><\/span>Scenario<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>To build an application, we use <a href=\"https:\/\/github.com\/soveran\/cuba\" target=\"_blank\" rel=\"noopener noreferrer\">Cuba<\/a>, a Ruby microframework for web development. The application has the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">\/health-check<\/code> endpoint that returns HTTP 200 in 80% of cases and HTTP 500 in the other 20% of cases.<\/p>\n<p>There is also a button on the index page that alters the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">\/health-check<\/code> endpoint returning the HTTP 500 message in 70% of cases and slows down the response time in the other 30% of requests. Then, after 10 requests, the endpoint returns to its original behavior.<\/p>\n<p>Logstash sends a request to <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">\/health-check<\/code> and saves the response data (time, status code, and so on) in Elasticsearch. Kibana reads the saved data in Elasticsearch; you can search and browse your data interactively as well as create and view custom dashboards. Watcher is configured to periodically run an Elasticsearch query, and if a condition is evaluated as true, it should send out an e-mail notification.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Installing_the_ELK_services_and_Watcher\"><\/span>Installing the ELK services and Watcher<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>Elasticsearch<\/strong><\/p>\n<blockquote>\n<p>\u201cElasticsearch is a highly scalable open-source full-text search and analytics engine.
It allows you to store, search, and analyze big volumes of data quickly and in near real time. It is generally used as the underlying engine\/technology that powers applications that have complex search features and requirements.\u201d \u2014Source: <a href=\"https:\/\/www.elastic.co\/guide\/en\/elasticsearch\/reference\/1.4\/getting-started.html\" target=\"_blank\" rel=\"noopener noreferrer\">elastic.co<\/a><\/p>\n<\/blockquote>\n<p>To install Elasticsearch, you need to <a href=\"https:\/\/www.elastic.co\/downloads\/elasticsearch\" target=\"_blank\" rel=\"noopener noreferrer\">download<\/a> the package you want. (I\u2019ve chosen the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">.deb<\/code> package because I\u2019m working on Ubuntu.) After installing the service, you can run it using the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">sudo service elasticsearch start<\/code> command. To verify whether Elasticsearch has been started, type the following command:<\/p>\n<pre style=\"padding-left: 30px;\"><code>curl -X GET http:\/\/localhost:9200\/<\/code><\/pre>\n<p><center><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/verify-elasticsearch-started-command.png\" alt=\"verify-elasticsearch-started-command\" width=\"569\" height=\"239\" class=\"aligncenter size-full wp-image-19418\" \/><\/center><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Logstash<\/strong><\/p>\n<blockquote>\n<p>\u201cLogstash is an open source data collection engine with real-time pipelining capabilities. Logstash can dynamically unify data from disparate sources and normalize the data into destinations of your choice. 
Cleanse and democratize all your data for diverse advanced downstream analytics and visualization use cases.\u201d \u2014Source: <a href=\"https:\/\/www.elastic.co\/guide\/en\/logstash\/current\/introduction.html\" target=\"_blank\" rel=\"noopener noreferrer\">elastic.co<\/a><\/p>\n<\/blockquote>\n<p>The process of installing Logstash is similar to installing Elasticsearch. You can <a href=\"https:\/\/www.elastic.co\/downloads\/logstash\" target=\"_blank\" rel=\"noopener noreferrer\">download<\/a> the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">.deb<\/code> package and run it with the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">sudo service logstash start<\/code> command. However, in this case, I chose the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">.tar.gz<\/code> package because it lets you easily select which configuration file Logstash uses at startup.<\/p>\n<p>To test your installation, go to the extracted folder:<\/p>\n<pre style=\"padding-left: 30px;\"><code>cd logstash-{logstash_version}<\/code><\/pre>\n<p>Then, execute <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">bin\/logstash -e 'input { stdin { } } output { stdout {} }'<\/code>.<\/p>\n<p>The <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">-e<\/code> flag enables you to specify a configuration directly from the command line. This pipeline takes input from standard input\u2014<code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">stdin<\/code>\u2014and moves that input to standard output\u2014<code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">stdout<\/code>\u2014in a structured format.
Type <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">hello world<\/code> in the command prompt to see the Logstash response.<\/p>\n<p><center><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/logstash-response.png\" alt=\"logstash-response\" width=\"556\" height=\"90\" class=\"aligncenter size-full wp-image-19417\" \/><\/center><\/p>\n<p>Later, I\u2019ll explain how to run the service with the configuration file that we want.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Kibana<\/strong><\/p>\n<blockquote>\n<p>\u201cKibana is an open source analytics and visualization platform designed to work with Elasticsearch. You use Kibana to search, view, and interact with data stored in Elasticsearch indices. You can easily perform advanced data analysis and visualize your data in a variety of charts, tables, and maps.<\/p>\n<p>Kibana makes it easy to understand large volumes of data. Its simple, browser-based interface enables you to quickly create and share dynamic dashboards that display changes to Elasticsearch queries in real time.\u201d \u2014Source: <a href=\"https:\/\/www.elastic.co\/guide\/en\/kibana\/current\/introduction.html\" target=\"_blank\" rel=\"noopener noreferrer\">elastic.co<\/a><\/p>\n<\/blockquote>\n<p>You can <a href=\"https:\/\/www.elastic.co\/downloads\/kibana\" target=\"_blank\" rel=\"noopener noreferrer\">download<\/a> Kibana from the official website. (I chose the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">.tar.gz<\/code> package.) Then, in the extracted folder, run <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">bin\/kibana<\/code>. 
Before starting Kibana, you also need to have an Elasticsearch instance running.<\/p>\n<p>If everything works well, you\u2019ll see the Kibana dashboard at <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">http:\/\/localhost:5601<\/code>.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-kibana-dashboard.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-kibana-dashboard.png\" alt=\"how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-kibana-dashboard\" width=\"640\" class=\"aligncenter size-full wp-image-19413\" \/><\/a><\/center><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Watcher<\/strong><\/p>\n<blockquote>\n<p>\u201cWatcher is a plugin for Elasticsearch that provides alerting and notification based on changes in your data.\u201d \u2014Source: <a href=\"https:\/\/www.elastic.co\/guide\/en\/watcher\/current\/introduction.html\" target=\"_blank\" rel=\"noopener noreferrer\">elastic.co<\/a><\/p>\n<\/blockquote>\n<p>To <a href=\"https:\/\/www.elastic.co\/downloads\/watcher\" target=\"_blank\" rel=\"noopener noreferrer\">start<\/a> working with Watcher, install the plugin first. 
When doing so, you need to know <a href=\"https:\/\/www.elastic.co\/guide\/en\/elasticsearch\/reference\/2.2\/setup-dir-layout.html\" target=\"_blank\" rel=\"noopener noreferrer\">where<\/a> your directory path to <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">\/bin\/plugin<\/code> is.<\/p>\n<p>If you\u2019ve installed Elasticsearch from the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">.deb<\/code> package, you need to run the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">sudo \/usr\/share\/elasticsearch\/bin\/plugin install elasticsearch\/license\/latest<\/code> and <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">sudo \/usr\/share\/elasticsearch\/bin\/plugin install elasticsearch\/watcher\/latest<\/code> commands.<\/p>\n<p>If you\u2019ve installed Elasticsearch from the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">.tar.gz<\/code> package, go to the extracted folder and run the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">bin\/plugin install license<\/code> and <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">bin\/plugin install watcher<\/code> commands.<\/p>\n<p>When you get a warning requesting additional permissions, keep in mind that Watcher needs these permissions to set the thread context loader during installation so it can send e-mail notifications.<\/p>\n<p>To verify the installation, execute the following command:<\/p>\n<pre style=\"padding-left: 30px;\"><code>curl -XGET 'http:\/\/localhost:9200\/_watcher\/stats?pretty'<\/code><\/pre>\n<p><center><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/verify-watcher-installation.png\" alt=\"verify-watcher-installation\" width=\"534\" height=\"183\" class=\"aligncenter size-full wp-image-19419\" 
\/><\/center><\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Configuring_the_services\"><\/span>Configuring the services<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p><strong>Logstash<\/strong><\/p>\n<p>You need to create a configuration file that specifies what plugins you want to use and settings for each plugin. The file has a separate section for each type of plugin you add to the event processing pipeline. For example:<\/p>\n<p><center><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/configuring-logstash-how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix.png\" alt=\"configuring-logstash-how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix\" width=\"561\" height=\"303\" class=\"aligncenter size-full wp-image-19409\" \/><\/center><\/p>\n<p>You use <em>inputs<\/em> to get data into Logstash (for example, data from a file, syslog, or endpoints). <em>Filters<\/em> are intermediary processing devices in the Logstash pipeline (for example, for JSON, CSV, or Elasticsearch). 
<em>Outputs<\/em> are the final phase of the Logstash pipeline that informs Logstash about where to save the output (for example, to a file, stdout, or Elasticsearch).<\/p>\n<p>You can find more examples and documentation about Logstash on the <a href=\"https:\/\/www.elastic.co\/guide\/en\/logstash\/current\/configuration.html\" target=\"_blank\" rel=\"noopener noreferrer\">Elastic<\/a> website.<\/p>\n<p>When configuring Logstash, we use <a href=\"https:\/\/www.elastic.co\/guide\/en\/logstash\/current\/plugins-inputs-http_poller.html\" target=\"_blank\" rel=\"noopener noreferrer\"><code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">http_poller<\/code><\/a>, a Logstash input plugin  that \u201callows you to call an HTTP API, decode the output of it into event(s), and send them on their merry way\u201d, and <a href=\"https:\/\/www.elastic.co\/guide\/en\/logstash\/current\/plugins-outputs-elasticsearch.html\" target=\"_blank\" rel=\"noopener noreferrer\"><code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">elasticsearch<\/code><\/a> as an output plugin. I used a basic configuration for both plugins to read the data from the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">\/health-check<\/code> endpoint and save it in Elasticsearch. You can see the configuration file with comments explaining each line <a href=\"https:\/\/gist.github.com\/lcostantini\/a1379aa6ec7328644d32\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Kibana<\/strong><\/p>\n<p>The default settings for Kibana are enough for the purpose of the article. 
I\u2019ll explain the <strong>Settings<\/strong> tab of the Kibana server running on <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">http:\/\/localhost:5601<\/code>.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-configure-kibana-index-pattern.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-configure-kibana-index-pattern.png\" alt=\"how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-configure-kibana-index-pattern\" width=\"640\" class=\"aligncenter size-full wp-image-19410\" \/><\/a><\/center><\/p>\n<p>By default, Kibana uses indices saved in Elasticsearch with the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">logstash-*<\/code> name. This is the <a href=\"https:\/\/www.elastic.co\/guide\/en\/logstash\/current\/plugins-outputs-elasticsearch.html#plugins-outputs-elasticsearch-index\" target=\"_blank\" rel=\"noopener noreferrer\">default<\/a> index name used by the Logstash <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">elasticsearch<\/code> plugin, so we don\u2019t change anything. Also, we need to specify the field with the timestamp, which is required and used by Kibana for filtering. In this case, it is <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">@timestamp<\/code>.<\/p>\n<p>Now, we can go to the <a href=\"https:\/\/www.elastic.co\/guide\/en\/kibana\/current\/discover.html\" target=\"_blank\" rel=\"noopener noreferrer\">Discover<\/a> tab and see all logs saved in Elasticsearch. You can filter the logs, for example, by status with the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">@status:500<\/code> filter. 
Then you can go to the <a href=\"https:\/\/www.elastic.co\/guide\/en\/kibana\/current\/visualize.html\" target=\"_blank\" rel=\"noopener noreferrer\">Visualize<\/a> tab to choose an option for visualizing your data.<\/p>\n<p>Also, in Kibana, you can see Watcher data saved in Elasticsearch. Enter <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">.watch_history*<\/code> as an index name on the settings page and then select <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">trigger_event.triggered_time<\/code> in <strong>Time_field name<\/strong>.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Watcher<\/strong><\/p>\n<p>A typical watch consists of four building blocks:<\/p>\n<ul>\n<li style=\"margin-bottom: 12px\"><strong>Trigger.<\/strong> Controls how often a watch is triggered.<\/li>\n<li style=\"margin-bottom: 12px\"><strong>Input.<\/strong> Gets the data that you want to evaluate.<\/li>\n<li style=\"margin-bottom: 12px\"><strong>Condition.<\/strong> Evaluates the data you\u2019ve loaded into the watch and determines if any action is required.<\/li>\n<li style=\"margin-bottom: 12px\"><strong>Actions.<\/strong> Define what to do when the watch condition evaluates to true, such as sending an e-mail, calling third-party webhooks, writing documents to Elasticsearch, or logging messages to the standard Elasticsearch log files.<\/li>\n<\/ul>\n<p>I\u2019ve prepared two configuration files. In the <a href=\"https:\/\/gist.github.com\/lcostantini\/6296ac20cd268be8a345\" target=\"_blank\" rel=\"noopener noreferrer\">first<\/a> one, I set the <em>trigger<\/em> to run my watch every 20 seconds. There is a query in the <em>input<\/em> for finding all logs with the HTTP status code 500. Then, in the <em>condition<\/em> block, I check if the query returns two or more statuses with the 500 code. Finally, in the <em>actions<\/em>, I send an e-mail if the condition is true.
The <a href=\"https:\/\/gist.github.com\/lcostantini\/6d531fa611daa2b2830d\" target=\"_blank\" rel=\"noopener noreferrer\">second<\/a> file has the same configuration, but the query there looks for slow requests.<\/p>\n<p>To send a notification e-mail, modify the Elasticsearch configuration file first. After you find the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">elasticsearch.yml<\/code> file (you can see where it is <a href=\"https:\/\/www.elastic.co\/guide\/en\/elasticsearch\/reference\/current\/setup-dir-layout.html#default-paths\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>), you need to add a couple of lines to it. The image below is an example for Gmail.<\/p>\n<p><center><img loading=\"lazy\" decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-watcher.png\" alt=\"how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-watcher\" width=\"521\" height=\"305\" class=\"aligncenter size-full wp-image-19416\" \/><\/center> <\/p>\n<p>You can find more details about the e-mail configuration <a href=\"https:\/\/www.elastic.co\/guide\/en\/watcher\/current\/email-services.html\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a>.<\/p>\n<p>To upload the configuration files to Watcher and create the index in Elasticsearch, use these commands: <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">curl -X PUT 'http:\/\/localhost:9200\/_watcher\/watch\/500_detection' -d @500_watch<\/code> and <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">curl -X PUT 'http:\/\/localhost:9200\/_watcher\/watch\/slow_requests_detection' -d @slow_requests_watch<\/code>. The first command creates a new watch with the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">500_detection<\/code> name. (You can choose any name you want.) 
The <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">-d @<\/code> flag tells <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">curl<\/code> to read the <a href=\"https:\/\/gist.github.com\/lcostantini\/6296ac20cd268be8a345\" target=\"_blank\" rel=\"noopener noreferrer\">watch<\/a> file with the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">500_watch<\/code> name for loading the settings.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Running_the_stack_on_Bluemix\"><\/span>Running the stack on Bluemix<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>The first thing you need to do is to clone the <a href=\"https:\/\/github.com\/lcostantini\/anomaly-detection\" target=\"_blank\" rel=\"noopener noreferrer\">repository<\/a> and log in to Bluemix. You can log in with the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">cf login<\/code> command and then run the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">cf push <em>app-name<\/em><\/code> command. (I use <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">anomaly-detection<\/code> as the application name.)<\/p>\n<p>In the repository, you\u2019ll see the <a href=\"https:\/\/github.com\/lcostantini\/anomaly-detection\/blob\/master\/manifest.yml\" target=\"_blank\" rel=\"noopener noreferrer\">manifest<\/a> file with a minimal configuration. I had to select the buildpack because I used Cuba. Cloud Foundry can\u2019t detect what buildpack to choose for this type of application. Also, I added the command for running the server.<\/p>\n<p>&nbsp;<\/p>\n<p><strong>Running the ELK stack<\/strong><\/p>\n<p>I can deploy Kibana on Bluemix using a service for Elasticsearch and then see data from the application in Kibana. But I have two problems.
First, the service used for Elasticsearch (Searchly) doesn\u2019t have the Watcher plugin installed, so I need to run my own Elasticsearch version. Second, for deploying Logstash, I\u2019ve found two posts <a href=\"https:\/\/developer.ibm.com\/bluemix\/2015\/12\/11\/sending-logs-to-bluemix-using-logstash-agent\/\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a> and <a href=\"https:\/\/developer.ibm.com\/bluemix\/2015\/12\/11\/sending-logs-to-bluemix-using-logstash-forwarder\/\" target=\"_blank\" rel=\"noopener noreferrer\">here<\/a> that explain how to send logs to Bluemix using the Logstash agent, but they aren\u2019t helpful in my case.<\/p>\n<p>So, I\u2019ve decided to use a container and found out that Bluemix <a href=\"https:\/\/console.bluemix.net\/docs\/containers\/container_images_adding_ov.html#container_images_adding_ov\" target=\"_blank\" rel=\"noopener noreferrer\">supports<\/a> Docker images already stored in the <a href=\"https:\/\/hub.docker.com\/search?q=&#038;type=image\" target=\"_blank\" rel=\"noopener noreferrer\">Docker Hub<\/a> and adds them to a private registry hosted by IBM. I chose the most <a href=\"https:\/\/hub.docker.com\/r\/sebp\/elk\/\" target=\"_blank\" rel=\"noopener noreferrer\">popular image<\/a> for ELK, modified the image, and created a <a href=\"https:\/\/github.com\/lcostantini\/elk-docker\" target=\"_blank\" rel=\"noopener noreferrer\">GitHub<\/a> repository for it.<\/p>\n<p>Now, you can <a href=\"https:\/\/console.bluemix.net\/docs\/containers\/container_images_adding_ov.html#container_images_building\" target=\"_blank\" rel=\"noopener noreferrer\">build<\/a> the image and then use it in Bluemix for creating new containers. To do that, use the IBM Containers plugin for Cloud Foundry. 
<a href=\"https:\/\/console.bluemix.net\/docs\/containers\/container_cli_ov.html#container_cli_cfic_install\" target=\"_blank\" rel=\"noopener noreferrer\">Here<\/a> are the installation guidelines.<\/p>\n<p>After you install the plugin, you can run the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">cf ic build -t registry.ng.bluemix.net\/NAMESPACE\/elk<\/code> command in the image folder.  With the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">cf ic images<\/code> command, you can see all images available in Bluemix and the one we created.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-running-the-elk-stack.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-running-the-elk-stack.png\" alt=\"how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-running-the-elk-stack\" width=\"640\" class=\"aligncenter size-full wp-image-19415\" \/><\/a><\/center><\/p>\n<p>To use the image in a new container, you can work with the CLI or the Bluemix dashboard. I\u2019ll use the dashboard. You need to click <strong>START CONTAINERS<\/strong>, then you\u2019ll see the image that we\u2019ve pushed. Select the <strong>elk<\/strong> image, and you can configure and run a new container using this image.<\/p>\n<p><center><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-container-images.png\" alt=\"how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-container-images\" width=\"640\" class=\"aligncenter size-full wp-image-19411\" \/><\/center><\/p>\n<p>Add a name for the container and change the size to <strong>Small<\/strong>. 
In the <strong>Public IP address<\/strong>, select the <strong>Request and Bind Public IP<\/strong> option. Finally, in the <strong>Public ports<\/strong> field, specify the ports where the stack will run: 5601, 5000, and 9200. When all is configured, click the <strong>Create<\/strong> button.<\/p>\n<p><center><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-elk.png\" alt=\"how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-elk\" width=\"640\" class=\"aligncenter size-full wp-image-19412\" \/><\/center><\/p>\n<p>You can go to the IP assigned to the container on port 5601 and see all data in real time. Your data saved by Logstash and Watcher is there. Here is an example of the dashboard showing data saved by Logstash.<\/p>\n<p><center><a href=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-logstash-dashboard.png\"><img decoding=\"async\" src=\"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-logstash-dashboard.png\" alt=\"how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-logstash-dashboard\" width=\"640\" class=\"aligncenter size-full wp-image-19414\" \/><\/a><\/center><\/p>\n<p>Once you have the container running, go to the index page of the application and click the <strong>Add Anomaly<\/strong> button to slow down responses (in 30% of cases) or return an HTTP 500 (in 70% of cases) for the next 10 requests.
After these 10 requests, the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">\/health-check<\/code> endpoint returns to its original error rate.<\/p>\n<p>To slow down the response time of requests, I added a <a href=\"https:\/\/github.com\/lcostantini\/anomaly-detection\/blob\/master\/app.rb#L22\" target=\"_blank\" rel=\"noopener noreferrer\">sleep<\/a> before a response. In the Logstash configuration file, I created the <code style=\"color: #222222; background-color: #e6e6e6; padding: 1px 2px;\">slow_requests<\/code> <a href=\"https:\/\/gist.github.com\/lcostantini\/a1379aa6ec7328644d32#file-localhost_logstash-conf-L34-L40\" target=\"_blank\" rel=\"noopener noreferrer\">tag<\/a> for requests that take more than 0.9 seconds.<\/p>\n<p>Finally, if everything is configured correctly, you\u2019ll start to receive e-mails when an anomaly is detected by Watcher.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Conclusions\"><\/span>Conclusions<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<p>If you already have some knowledge about the ELK stack, implementing Watcher is an easy process supported by good documentation.<\/p>\n<p>If you don\u2019t have any knowledge about ELK, you need to spend some time learning about each of the services. Again, all of them have good documentation, and you can find ready configuration for multiple cases.<\/p>\n<p>To deploy the ELK stack and Watcher on Bluemix, you can use integration with Docker. This makes things simpler because you only need to choose an image from the Docker Hub, modify it for your situation, and then build it on Bluemix. 
Also, the plugin for extending the functionality of the Cloud Foundry command line interface to containers is very helpful.<\/p>\n<p>&nbsp;<\/p>\n<h3><span class=\"ez-toc-section\" id=\"Further_reading\"><\/span>Further reading<span class=\"ez-toc-section-end\"><\/span><\/h3>\n<ul>\n<li><a href=\"https:\/\/www.altoros.com\/research-papers\/kibana-on-ibm-bluemix-how-to-deploy-and-use-for-visualization-of-elasticsearch-data\/\">Kibana on IBM Bluemix: How to Deploy and Use for Visualization of Elasticsearch Data<\/a><\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/deploying-kibana-to-ibm-bluemix-for-exploring-elasticsearch-data\/\">Deploying Kibana to IBM Bluemix for Exploring Elasticsearch Data<\/a><\/li>\n<li><a href=\"https:\/\/www.altoros.com\/blog\/deploying-a-rails-app-with-elasticsearch-to-ibm-bluemix\/\">Deploying a Rails App with Elasticsearch to IBM Bluemix<\/a><\/li>\n<\/ul>\n","protected":false},"excerpt":{"rendered":"<p>This post explains how to use the ELK services\u2014Elasticsearch, Logstash, and Kibana\u2014to detect anomalies in an application. Additionally, we integrate Watcher to send an e-mail when an anomaly happens.<\/p>\n<p>&nbsp;<\/p>\n<p>Scenario<\/p>\n<p>To build an application, we use Cuba, a Ruby microframework for web development. 
The application has the \/health-check endpoint that returns HTTP [&#8230;]<\/p>\n","protected":false},"author":74,"featured_media":19414,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"content-type":"","footnotes":"","_links_to":"","_links_to_target":""},"categories":[214],"tags":[873,187],"class_list":["post-19144","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-tutorials","tag-cloud-native","tag-ibm-bluemix"],"acf":[],"yoast_head_json":{"title":"How to Use Elastic Services for Anomaly Detection on IBM Bluemix | Altoros","description":"From the tutorial, you will learn how to install and configure each of the services and how to run the entire stack on Bluemix.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.altoros.com\/blog\/how-to-use-elastic-services-for-anomaly-detection-in-an-ibm-bluemix-app\/","og_locale":"en_US","og_type":"article","og_title":"How to Use Elastic Services for Anomaly Detection on IBM Bluemix | Altoros","og_description":"This post explains how to use the ELK services\u2014Elasticsearch, Logstash, and Kibana\u2014to detect anomalies in an application. Additionally, we integrate Watcher to send an e-mail when an anomaly happens. &nbsp; Scenario To build an application, we use Cuba, a Ruby microframework for web development. The application has the \/health-check endpoint that returns HTTP [...]","og_url":"https:\/\/www.altoros.com\/blog\/how-to-use-elastic-services-for-anomaly-detection-in-an-ibm-bluemix-app\/","og_site_name":"Altoros","article_published_time":"2016-04-11T18:30:24+00:00","article_modified_time":"2019-06-20T00:51:21+00:00","og_image":[{"width":1857,"height":655,"url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-logstash-dashboard.png","type":"image\/png"}],"author":"Leandro Costantini","twitter_misc":{"Written by":"Leandro Costantini","Est. 
reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.altoros.com\/blog\/how-to-use-elastic-services-for-anomaly-detection-in-an-ibm-bluemix-app\/","url":"https:\/\/www.altoros.com\/blog\/how-to-use-elastic-services-for-anomaly-detection-in-an-ibm-bluemix-app\/","name":"How to Use Elastic Services for Anomaly Detection on IBM Bluemix | Altoros","isPartOf":{"@id":"https:\/\/www.altoros.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.altoros.com\/blog\/how-to-use-elastic-services-for-anomaly-detection-in-an-ibm-bluemix-app\/#primaryimage"},"image":{"@id":"https:\/\/www.altoros.com\/blog\/how-to-use-elastic-services-for-anomaly-detection-in-an-ibm-bluemix-app\/#primaryimage"},"thumbnailUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-logstash-dashboard.png","datePublished":"2016-04-11T18:30:24+00:00","dateModified":"2019-06-20T00:51:21+00:00","author":{"@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/f3c2ad80365ed5c422e5f8a447071cfe"},"breadcrumb":{"@id":"https:\/\/www.altoros.com\/blog\/how-to-use-elastic-services-for-anomaly-detection-in-an-ibm-bluemix-app\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.altoros.com\/blog\/how-to-use-elastic-services-for-anomaly-detection-in-an-ibm-bluemix-app\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.altoros.com\/blog\/how-to-use-elastic-services-for-anomaly-detection-in-an-ibm-bluemix-app\/#primaryimage","url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-logstash-dashboard.png","contentUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2017\/01\/how-to-use-elastic-services-for-anomaly-detection-in-ibm-bluemix-logstash-dashboard.png","width":1857,"height":655},{"@type":"BreadcrumbL
ist","@id":"https:\/\/www.altoros.com\/blog\/how-to-use-elastic-services-for-anomaly-detection-in-an-ibm-bluemix-app\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.altoros.com\/blog\/"},{"@type":"ListItem","position":2,"name":"How to Use Elastic Services for Anomaly Detection on IBM Bluemix"}]},{"@type":"WebSite","@id":"https:\/\/www.altoros.com\/blog\/#website","url":"https:\/\/www.altoros.com\/blog\/","name":"Altoros","description":"Insight","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.altoros.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/f3c2ad80365ed5c422e5f8a447071cfe","name":"Leandro Costantini","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.altoros.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/12\/Leandro_Costantini-140x140.jpg","contentUrl":"https:\/\/www.altoros.com\/blog\/wp-content\/uploads\/2016\/12\/Leandro_Costantini-140x140.jpg","caption":"Leandro Costantini"},"description":"Leandro Costantini is a software engineer at Altoros. He specializes in Ruby on Rails as well as the Rack, Cuba, and Sinatra frameworks. 
Leandro is a huge fan of extreme programming practices, including TDD and pair programming.","url":"https:\/\/www.altoros.com\/blog\/author\/leandro-costantini\/"}]}},"_links":{"self":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/19144","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/users\/74"}],"replies":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/comments?post=19144"}],"version-history":[{"count":6,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/19144\/revisions"}],"predecessor-version":[{"id":44467,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/posts\/19144\/revisions\/44467"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/media\/19414"}],"wp:attachment":[{"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/media?parent=19144"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/categories?post=19144"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.altoros.com\/blog\/wp-json\/wp\/v2\/tags?post=19144"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}