About details of Multi-Metric Anomaly Detection

In the multi-metric job in anomaly detection, do the metrics affect each other to find the anomalies, as in multivariate anomaly detection, or is the main point of a multi-metric job creating a job for different metrics in the same time interval (instead of creating multiple single-metric jobs for the same time interval, creating a multi-metric job for the metrics)?
I saw topics and tutorials on that, but these are a little bit old, so I want to re-ask.

It is not multi-variate in the way that you might be thinking (a confluence of multiple variables affecting a specific feature of interest) - rather it is a parallel analysis of multiple features simultaneously (for scale/efficiency). You can either create multiple detectors (i.e. max(this) and sum(that), etc.) or "split" the analysis along a categorical feature via partition/by fields (count partition=error_code or max(responsetime) by service).

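As an added example (not part of the original posts and not Elastic's own sample), the two detectors named in the reply above can be placed in one job body for the create anomaly detection jobs API. The 15m bucket span, the `@timestamp` time field and the influencer list are assumptions; the field names `error_code`, `responsetime` and `service` come from the reply.

```json
{
  "description": "Constructed example: two detectors analysed in parallel in one multi-metric job",
  "analysis_config": {
    "bucket_span": "15m",
    "detectors": [
      {
        "detector_description": "count, split with partition=error_code",
        "function": "count",
        "partition_field_name": "error_code"
      },
      {
        "detector_description": "max(responsetime), split by service",
        "function": "max",
        "field_name": "responsetime",
        "by_field_name": "service"
      }
    ],
    "influencers": ["error_code", "service"]
  },
  "data_description": {
    "time_field": "@timestamp"
  }
}
```

In line with the reply, this job analyses each series in parallel; it does not model a joint relationship between response time and error counts.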

Thanks for your response and for moving the topic to the right category.
In addition, is there a way of checking whether anomaly detection conditions have occurred (as one or more switch)? Can this be adjusted in the Kibana interface or the Anomaly Detection API?
Thanks again for your response...

Hi @Furkan, I don't understand your question and what you mean by "as one or more switch". Can you ask in a different way?

I was asking: can we build or automate the anomaly detection process to be condition-based instead of time-based detection?

If your data has no element of time but is purely attribute-based, you could consider using outlier detection.

Thanks for your responses...
