
Machine learning anomaly detection in Elasticsearch - Practice Problems & Coding Challenges

Challenge - 5 Problems
Predict Output (intermediate)
What is the output of this Elasticsearch anomaly detection query?

Given the following Elasticsearch ML anomaly detection job query, what will be the value of is_anomaly for the bucket with anomaly_score 85?

Elasticsearch
{
  "job_id": "network_traffic",
  "start": "now-1h",
  "end": "now",
  "anomaly_score": 85
}
A. is_anomaly = true because anomaly_score > 75
B. is_anomaly = false because anomaly_score < 90
C. is_anomaly = true because anomaly_score > 90
D. is_anomaly = false because anomaly_score < 50
💡 Hint

Elasticsearch flags anomalies when the anomaly score is above 75.

Data Output (intermediate)
How many anomaly records are returned by this query?

Consider an Elasticsearch ML anomaly detection job that returns the following JSON snippet of anomalies detected in the last day. How many anomalies have an anomaly_score greater than 80?

Elasticsearch
{
  "anomalies": [
    {"timestamp": 1680000000000, "anomaly_score": 82},
    {"timestamp": 1680003600000, "anomaly_score": 77},
    {"timestamp": 1680007200000, "anomaly_score": 90},
    {"timestamp": 1680010800000, "anomaly_score": 65}
  ]
}
A. 3
B. 2
C. 1
D. 4
💡 Hint

Count only anomalies with anomaly_score strictly greater than 80.

🔧 Debug (advanced)
What error does this Elasticsearch ML job configuration cause?

Review this ML job configuration snippet. What error will Elasticsearch return when trying to create this job?

Elasticsearch
{
  "job_id": "cpu_usage",
  "analysis_config": {
    "bucket_span": "15m",
    "detectors": [
      {"function": "mean", "field": "cpu_percent"},
      {"function": "sum", "field": "cpu_percent"}
    ]
  },
  "data_description": {"time_field": "timestamp"}
}
A. Error: Invalid bucket_span format
B. Error: Missing required field 'influencers'
C. Error: Multiple detectors with the same field and incompatible functions
D. No error, job created successfully
💡 Hint

Check if the combination of detectors is allowed in Elasticsearch ML.

🚀 Application (advanced)
Which option correctly filters anomalies with high severity in Elasticsearch ML results?

You want to filter anomaly detection results to show only anomalies with anomaly_score greater than 90. Which Elasticsearch query snippet achieves this?

A. { "query": { "range": { "anomaly_score": { "gt": 90 } } } }
B. { "query": { "term": { "anomaly_score": 90 } } }
C. { "query": { "exists": { "field": "anomaly_score" } } }
D. { "query": { "match": { "anomaly_score": ">90" } } }
💡 Hint

Use a range query to filter numeric fields.

🧠 Conceptual (expert)
What is the primary advantage of using machine learning anomaly detection in Elasticsearch over static threshold alerts?

Choose the best explanation for why Elasticsearch ML anomaly detection is preferred over fixed threshold alerts in monitoring data streams.

A. Static thresholds can detect anomalies faster than ML models
B. ML requires less computational resources than static threshold alerts
C. ML adapts to changing data patterns and detects subtle anomalies without predefined thresholds
D. ML models do not need any historical data to detect anomalies
💡 Hint

Think about how ML models learn from data patterns over time.