is this normal
play

Is this normal? Finding anomalies in real-time data. Who am I? Im - PowerPoint PPT Presentation

Dec 30, 2023 •138 likes •327 views

Is this normal? Finding anomalies in real-time data. Who am I? Im Theo (@postwait on Twitter) I write a lot of code 50+ open source projects several commercial code bases I wrote Scalable Internet Architectures I sit on the ACM

  1. Is this normal? Finding anomalies in real-time data.

  2. Who am I? I’m Theo (@postwait on Twitter) I write a lot of code 50+ open source projects several commercial code bases I wrote “Scalable Internet Architectures” I sit on the ACM Queue and Professions boards. I spend all day looking at telemetry data at Circonus

  3. What is real-time? Hard real-time systems are those where the outputs of a system based on specific inputs are considered incorrect if the latency of their delivery is above a specified amount. Soft real-time systems are similar, but “less useful” instead of “incorrect.” I don’t design life support systems, avionics or other systems where lives are at stake, so it’s a soft real-time life for me.

  4. A survey of big data sytems. Traditional: Oracle, Postgres, MySQL, Teradata, Vertica, Netezza, Greenplum, Tableau, K The shiny: Hadoop, Hive, HBase, Pig, Cassandra The real-time: SQLstream, S4, Flumebase, Truviso, Esper, Storm

  5. Big data the old way Relational databases, both column store and not. Just work. Likely store more data than your “big data.”

  6. Big data the distributed way distributed systems allow much larger data sets, but markedly change the data analytics methods hard for existing quants to roll up their sleeves highly scalable and accommodate growth

  7. Big data the real-time way what we do needs a different approach the old (and even the distributed) do not design for soft real-time complex observation of data. Notable exceptions are S4 and Storm.

  8. So, what’s your problem? We have telemetry... over 10 trillion data points on near-line storage growing super-linearly

  9. Data, what kind? Most data is numeric: counts, averages, derivatives, stddevs, etc. Some data is: text changes (ssh fingerprints, production launches) histograms highly dimensional event streams.

  10. Data rates. Quantity of data isn’t such a big deal okay, yes it is, but we’ll get to that later. The rate of new data arrival makes the problem hard. low end: 15k datum / second high end: 300k datum / second growing rapidly

  11. What we use. We use Esper Esper is very powerful, elegantly coded and performance focused http://www.flickr.com/photos/mcertou/ Like any good tool that allows users to write queries...

  12. What we do with Esper Detect absence in streams: select b from pattern [every a=Event -> (timer:interval(30 sec) and not b=Event(id=a.id, metric=a.metric)] Detect ad-hoc threshold violation: select * from Event(id=”host1”, metric=”disk1”) where value > 95 etc. etc. etc. [1]

  13. Making the problem harder. So, it just wasn’t enough. We want to do long term trending and apply that information to anomaly detection Think: Holt-Winters (or multivariate regressions) Look at historic data Use that to predict the immediate future with some quantifiable confidence.

  14. How we do it. We implemented the Snowth for storage of data. [2] We implemented a C/lua distributed system to analyze 4 weeks of data (~8k statistical aggregates) yielding a prediction with confidences (triple exponential smoothing) [3] To keep the system real-time, we need to ensure that queries return in less than 2ms (our goal is 100µs).

  15. Cheating is winning. Our predictions work on 5 minute windows. 4 weeks of data is 8064 windows. Given Pred(T -8063 .. T 0 ) -> (P 1 , C 1 ) Given Pred(T -8062 .. T 0 , P 1 ) -> ~(P 2 , C 2 )

  16. Tolerably inaccurate. When V arrives, we determine the prediction window W N we need. If W N isn’t in cache, we assume V is within tolerances. If W N+1 isn’t in cache, we query the Snowth for W N , W N+1 placing in cache Cache accesses are local and always < 100µs.

  17. I see challenges How do I take offline data analytics techniques and apply them online to high-volume, low-latency event streams quickly? without deep expertise?

  18. Thank you. Circonus is hiring: software engineers, quants, and visualization engineers. [1] http://esper.codehaus.org/tutorials/solution_patterns/solution_patterns.html [2] http://omniti.com/surge/2011/speakers/theo-schlossnagle [3] http://labs.omniti.com/people/jesus/papers/holtwinters.pdf

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

f Slides 3.3 Normal subgroups is the set of elements that normalize He wording we say Ngat E Ng H

f Slides 3.3 Normal subgroups is the set of elements that normalize He wording we say Ngat E Ng H

Sec 3.6 Normalizers and another application of corsets not normal in G Idea If H L G but H G measure how far It is from being normal we want to H OG iff Recall the Def V xH Hx X E G how far It is from being normal One way to measure X E G e

511 views • 3 slides
Christchurch Earthquake Christchurch Earthquake New Normal or Old Normal, and Implications for

Christchurch Earthquake Christchurch Earthquake New Normal or Old Normal, and Implications for

Christchurch Earthquake Christchurch Earthquake New Normal or Old Normal, and Implications for Policy Professor Paul Somerville Chief Geoscientist Risk Frontiers, Macquarie University Outline Outline The New Normal The New Normal

711 views • 55 slides
Chapter 5 Slide 1 Normal Probability Distributions 5-1 Overview 5-2 The Standard Normal

Chapter 5 Slide 1 Normal Probability Distributions 5-1 Overview 5-2 The Standard Normal

Chapter 5 Slide 1 Normal Probability Distributions 5-1 Overview 5-2 The Standard Normal Distribution 5-3 Applications of Normal Distributions 5-4 Sampling Distributions and Estimators 5-5 The Central Limit Theorem 5-6 Normal as

1.01k views • 88 slides
Normal Distribution Paranormal Distribution Anna Karlin Most Slides by

Normal Distribution Paranormal Distribution Anna Karlin Most Slides by

Normal Distribution Paranormal Distribution Anna Karlin Most Slides by Alex Tsun Agenda The Normal/Gaussian RV Closure properties of the Normal RV The standard normal CDF The Central Limit Theorem! The

699 views • 49 slides
E Egocentric Localization: t i L li ti Normal and Abnormal Normal and Abnormal

E Egocentric Localization: t i L li ti Normal and Abnormal Normal and Abnormal

E Egocentric Localization: t i L li ti Normal and Abnormal Normal and Abnormal Aspects Kenneth J. Ciuffreda, O.D., Ph. D. Diana P. Ludlam, B.S., C.O.V.T. Naveen K. Yadav, B.Sc.(Optom.), M.Sc. , ( p ), Language should not g

595 views • 37 slides
Schematic Presentation Of Normal Massage Points Schematic representation of normal ECG. Diagram

Schematic Presentation Of Normal Massage Points Schematic representation of normal ECG. Diagram

Schematic Presentation Of Normal Massage Points Schematic representation of normal ECG. Diagram showing how the 3.1 Q wave, 3.2 R wave progression, 3.3 J-point Normal Q waves, when present, represent depolarization of the interventricular

1.38k views • 3 slides
Normal forms and normalization An example of normalization using normal forms We assume we have

Normal forms and normalization An example of normalization using normal forms We assume we have

Normal forms and normalization An example of normalization using normal forms We assume we have an enterprise that buys products from different supplying companies, and we would like to keep track of our data by means of a database. We would like

205 views • 9 slides
The Normal Distribution: The Normal curve is a mathematical abstraction which conveniently

The Normal Distribution: The Normal curve is a mathematical abstraction which conveniently

The Normal Distribution: The Normal curve is a mathematical abstraction which conveniently describes (&quot;models&quot;) many frequency distributions of scores in real-life. length of time before someone looks away in a staring contest:

579 views • 29 slides
Normal 1 24/05/2017 We now think of it as normal 2 24/05/2017 3 24/05/2017 4

Normal 1 24/05/2017 We now think of it as normal 2 24/05/2017 3 24/05/2017 4

24/05/2017 What is Zero Carbon? Normal 1 24/05/2017 We now think of it as normal 2 24/05/2017 3 24/05/2017 4 24/05/2017 - but theres a Catch-22 5 24/05/2017 A plan that delivers what the physics &amp; the ambition of

648 views • 54 slides
Analysis of MAP in CRP Normal-Normal model ukasz Rajkowski Faculty of Mathematics, Informatics

Analysis of MAP in CRP Normal-Normal model ukasz Rajkowski Faculty of Mathematics, Informatics

Analysis of MAP in CRP Normal-Normal model ukasz Rajkowski Faculty of Mathematics, Informatics and Mechanics University of Warsaw l.rajkowski@mimuw.edu.pl November 28, 2016 ukasz Rajkowski Analysis of MAP in CRP Normal-Normal model

799 views • 52 slides
Some Continuous Distributions Normal Distribution The normal distribution with parameters and

Some Continuous Distributions Normal Distribution The normal distribution with parameters and

ST 435/535 Statistical Methods for Quality and Productivity Improvement / Statistical Process Control Some Continuous Distributions Normal Distribution The normal distribution with parameters and &gt; 0 has probability density function

1.24k views • 25 slides
Functional Dependencies Decompositions Normal Forms: BCNF, Third Normal Form

Functional Dependencies Decompositions Normal Forms: BCNF, Third Normal Form

Functional Dependencies Decompositions Normal Forms: BCNF, Third Normal Form Introduction to Multivalued Dependencies A poor choice of a relational database schema can lead to redundancy and related anomalies.

858 views • 64 slides
From normal to anomalous deterministic diffusion Part 2: From normal to anomalous Rainer Klages

From normal to anomalous deterministic diffusion Part 2: From normal to anomalous Rainer Klages

Outline Particle billiards Weakly chaotic map CTRW theory End From normal to anomalous deterministic diffusion Part 2: From normal to anomalous Rainer Klages Queen Mary University of London, School of Mathematical Sciences Sperlonga, 20-24

705 views • 39 slides
Normal behavior in heavy rare-earths Electrical resistivity minimum in Gd 2 PdSi 3 (also in single

Normal behavior in heavy rare-earths Electrical resistivity minimum in Gd 2 PdSi 3 (also in single

E. V. Sampatkumaran Tata Institute of Fundamental Research Mumbai 400005, India Unusual electrical and magnetoresistance anomalies in the paramagnetic state of NORMAL rare-earth compounds RCuAs 2 (R= Normal R, also Ce) R 7 Rh 3

382 views • 35 slides
JUST THE MATHS SLIDES NUMBER 19.8 PROBABILITY 8 (The normal distribution) by A.J.Hobson

JUST THE MATHS SLIDES NUMBER 19.8 PROBABILITY 8 (The normal distribution) by A.J.Hobson

JUST THE MATHS SLIDES NUMBER 19.8 PROBABILITY 8 (The normal distribution) by A.J.Hobson 19.8.1 Limiting position of a frequency polygon 19.8.2 Area under the normal curve 19.8.3 Normal distribution for continuous variables UNIT 19.8

402 views • 14 slides
ACMS 20340 Statistics for Life Sciences Chapter 11: The Normal Distributions Introducing the

ACMS 20340 Statistics for Life Sciences Chapter 11: The Normal Distributions Introducing the

ACMS 20340 Statistics for Life Sciences Chapter 11: The Normal Distributions Introducing the Normal Distributions The class of Normal distributions is the most widely used variety of continuous probability distributions. Normal density curves

382 views • 35 slides
TIME MANAGEMENT PRESENTATION OVERVIEW Know what's 1 on your plate Self-management 2 Make a

TIME MANAGEMENT PRESENTATION OVERVIEW Know what's 1 on your plate Self-management 2 Make a

TIME MANAGEMENT PRESENTATION OVERVIEW Know what's 1 on your plate Self-management 2 Make a plan &amp; stick 3 to it KNOW WHAT'S ON YOUR PLATE: Make a list of what needs to be done tomorrow right before bed Look up all due dates and

264 views • 9 slides
26 TH STREET PROJECT BENJAMIN J. MAHONEY | CONSTRUCTION MANAGEMENT 1 FINAL PRESENTATION | APRIL

26 TH STREET PROJECT BENJAMIN J. MAHONEY | CONSTRUCTION MANAGEMENT 1 FINAL PRESENTATION | APRIL

Marymount University 26 TH STREET PROJECT BENJAMIN J. MAHONEY | CONSTRUCTION MANAGEMENT 1 FINAL PRESENTATION | APRIL 13, 2010 Marymount University 26 TH STREET PROJECT BENJAMIN J. MAHONEY | CONSTRUCTION MANAGEMENT FINAL PRESENTATION | APRIL

695 views • 42 slides
Design of CIC of CIC Compensators Compensators With With SPT SPT Design Coefficients Based

Design of CIC of CIC Compensators Compensators With With SPT SPT Design Coefficients Based

Design of CIC of CIC Compensators Compensators With With SPT SPT Design Coefficients Based Based o on Interval n Interval Analysis Analysis Coefficients Matija Glavini Pecoti , Goran Molnar, and Mladen Vu i Siemens CMT d. d.

456 views • 19 slides
Constant Propagation and Interval Analysis Daniela Moldovan 29. May 2010 Daniela Moldovan

Constant Propagation and Interval Analysis Daniela Moldovan 29. May 2010 Daniela Moldovan

Seminar Static Program Analysis Constant Propagation and Interval Analysis Daniela Moldovan 29. May 2010 Daniela Moldovan Constant Propagation and Interval Analysis 1 / 70 Outline Motivation 1 Constant Propagation 2 Interval Analysis 3

952 views • 70 slides
2 MAINTAIN YOUR NABERS ENERGY RATING Ethan Burns Sustainability Now THE ENERGY JOURNEY EN

2 MAINTAIN YOUR NABERS ENERGY RATING Ethan Burns Sustainability Now THE ENERGY JOURNEY EN

2 MAINTAIN YOUR NABERS ENERGY RATING Ethan Burns Sustainability Now THE ENERGY JOURNEY EN ENERGY FUNDAMENTALS MANAGE DEM DEMAND &amp; &amp; POW POWER FACTOR TOPICS MAINTAIN YOUR NABERS ENERGY RATING 1 Recap The benefits of

771 views • 57 slides
We all perceive time differently, shouldnt our clocks do the same? STORY is the first

We all perceive time differently, shouldnt our clocks do the same? STORY is the first

We all perceive time differently, shouldnt our clocks do the same? STORY is the first levitating timepiece that travels through the air allowing you to personalize your own time and your most special journeys. Once upon a time, our ancestors

504 views • 13 slides
Mathematical Simulation and Michael D ohler Zheng He Optimization of Semiconductor Devices

Mathematical Simulation and Michael D ohler Zheng He Optimization of Semiconductor Devices

Mathematical Simulation and Optimization of Semiconductor Devices Mathematical Simulation and Michael D ohler Zheng He Optimization of Semiconductor Devices Maike Lorenz Philipp Monreal Aleksandra Rakic Sapna Sharma Instructor:

884 views • 53 slides
Loop Invariants [Andersen, Gries, Lee, Marschner, Van Loan, White] Announcements Prelim 2

Loop Invariants [Andersen, Gries, Lee, Marschner, Van Loan, White] Announcements Prelim 2

CS 1110: Introduction to Computing Using Python Lecture 21 Loop Invariants [Andersen, Gries, Lee, Marschner, Van Loan, White] Announcements Prelim 2 conflicts due by midnight tonight Lab 11 is out Due in 2 weeks because of Prelim 2

658 views • 42 slides

More recommend