The data is ready to be reviewed once it has been collected, cleaned, and organised. There are various methods of analysis depending on the processes, intended use of the data, and the size of the data sets. Some of the options include:
- Classification: It can be easier to filter and adjust data when it is labelled with keyword tags that organise the data into different categories.
- Pattern recognition: Filtering messages against known patterns makes recurring data patterns easier to recognise, which may assist in the detection of anomalies.
- Artificial ignorance: Routine log messages increase the density of the data and make it more difficult to sift through. Artificial ignorance is a machine learning system that ignores routine updates and flags them only when they fail to occur.
- Correlation analysis: Gathering information from servers, operating systems, and network devices can be ineffective when there is no way to compare the data after a single system-wide event. Correlation analysis works through the messages from all components related to an event.
This is also referred to as multi-dimensional anomaly detection.
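
The artificial ignorance idea from the list above can be sketched as follows. This is an added example, not code from the original page: it uses fixed regular expressions as a rule-based stand-in for a learned model, and the log format, pattern names, gap limits and sample lines are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log, one "<ISO timestamp> <host> <message>" per line.
SAMPLE_LOG = """\
2024-05-01T00:00:00 web1 cron: backup completed
2024-05-01T00:05:00 web1 sshd: session opened for user deploy
2024-05-01T00:07:12 web1 kernel: EXT4-fs error on device sda1
2024-05-01T01:00:00 web1 cron: backup completed
2024-05-01T01:05:00 web1 sshd: session opened for user deploy
2024-05-01T03:00:00 web1 cron: backup completed
"""

# Hypothetical routine patterns: name -> (regex, longest allowed gap).
# A gap of None means "ignore when seen, never expect it".
ROUTINE = {
    "backup": (re.compile(r"cron: backup completed$"), timedelta(hours=1)),
    "deploy_login": (re.compile(r"sshd: session opened for user deploy$"), None),
}

def artificial_ignorance(log_text, window_end):
    """Return (unusual_lines, missing), missing = [(name, last_seen, noticed_at)]."""
    unusual, missing, last_seen = [], [], {}
    for line in log_text.splitlines():
        ts_text, _host, msg = line.split(" ", 2)
        ts = datetime.fromisoformat(ts_text)
        for name, (pattern, max_gap) in ROUTINE.items():
            if pattern.search(msg):
                prev = last_seen.get(name)
                if max_gap is not None and prev is not None and ts - prev > max_gap:
                    missing.append((name, prev, ts))  # routine event skipped a slot
                last_seen[name] = ts
                break  # routine message: drop it from the review queue
        else:
            unusual.append(line)  # matched no routine pattern: keep for review
    # An expected message that never appeared, or stopped before the window ended.
    for name, (_, max_gap) in ROUTINE.items():
        prev = last_seen.get(name)
        if max_gap is not None and (prev is None or window_end - prev > max_gap):
            missing.append((name, prev, window_end))
    return unusual, missing

if __name__ == "__main__":
    unusual, missing = artificial_ignorance(SAMPLE_LOG, datetime(2024, 5, 1, 3, 30))
    print("needs review:", unusual)
    print("expected but absent:", missing)
```

On the constructed sample, the two routine message types are dropped, the kernel error is surfaced for review, and the backup that did not run between 01:00 and 03:00 is reported as a gap.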