I created two jobs, both using A as data, as below:
JOB1
"analysis_config": {
  "bucket_span": "15m",
  "detectors": [
    {
      "detector_description": "High count of events",
      "function": "count",
      "by_field_name": "b",
      "custom_rules": [
        {
          "actions": [
            "skip_result"
          ],
          "conditions": [
            {
              "applies_to": "actual",
              "operator": "lt",
              "value": 54
            }
          ]
        }
      ],
      "detector_index": 0
    }
  ],
  "influencers": [],
  "model_prune_window": "30d"
},
"query": {
  "bool": {
    "must": [
      {
        "match_all": {}
      }
    ]
  }
},
"indices": [
  "A"
],
JOB2
"analysis_config": {
  "bucket_span": "15m",
  "detectors": [
    {
      "detector_description": "High count of events",
      "function": "count",
      "by_field_name": "b",
      "custom_rules": [
        {
          "actions": [
            "skip_result"
          ],
          "conditions": [
            {
              "applies_to": "actual",
              "operator": "lt",
              "value": 1200
            }
          ]
        },
        {
          "actions": [
            "skip_result"
          ],
          "scope": {
            "src_ip": {
              "filter_id": "b_43",
              "filter_type": "include"
            }
          },
          "conditions": [
            {
              "applies_to": "actual",
              "operator": "lt",
              "value": 1200
            }
          ]
        }
      ],
      "detector_index": 0
    }
  ],
  "influencers": [],
  "model_prune_window": "30d"
},
"query": {
  "bool": {
    "must": [
      {
        "match_all": {}
      }
    ]
  }
},
"indices": [
  "A"
],
I noticed a common anomaly in these two jobs at the time May 6th 2024, 09:15:00 to May 6th 2024, 09:30:00.
The actual values of the two jobs at this unusual point are:
JOB1
  Actual: 24136
  Typical: 10019
  Record score: 6.226
  Initial record score: 6.226
  Probability: 0.0000443
JOB2
  Function: count
  Actual: 22569
  Typical: 9942.2
  Job ID:
  Record score: 5.993
  Initial record score: 5.993
  Probability: 0.000202
When I query the count for the by_field_name "b" value at the unusual time, the result returned is 20905:
GET /A/_count
{
  "query": {
    "bool": {
      "must": [
        {
          "term": {
            "b": "xxxxxx"
          }
        },
        {
          "range": {
            "@timestamp": {
              "gte": "2024-05-06T09:15:00",
              "lte": "2024-05-06T09:30:00"
            }
          }
        }
      ]
    }
  }
}

{
  "count": 20905,
  "_shards": {
    "total": 9,
    "successful": 9,
    "skipped": 0,
    "failed": 0
  }
}
I want to ask why the actual values in the two jobs are different from each other, and different from the data I query. Previously, I read a blog post that said the actual value is the value taken from actual data. Please explain to me why the results are different.
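As an added illustration, not part of the original question, the script below models two things that differ between the posted `_count` query and an ML job's bucket count, and that by themselves can make three numbers for the "same" 15-minute window disagree. First, ML buckets are half-open (`[09:15:00, 09:30:00)`), whereas a range query with `lte` also matches documents timestamped exactly `09:30:00`, which belong to the next bucket. Second, a datafeed reads each bucket once, after its `query_delay` has elapsed; documents indexed after that moment are not counted for that bucket, so two jobs whose datafeeds processed the bucket at different times can report different actuals, while a `_count` run later sees every document. All documents, timestamps, index times, and the datafeed run times are constructed for the example; the `indexed_at` field stands in for "when the document became searchable", which the real index does not record.

```python
"""Model of why GET /A/_count and an ML job's "actual" can disagree.

Constructed example: the documents, their @timestamp values, the assumed time
each document became searchable (indexed_at), and the assumed times at which
each job's datafeed processed the bucket are all made up for illustration.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta

BUCKET_SPAN = timedelta(minutes=15)  # matches the jobs' bucket_span of "15m"


@dataclass(frozen=True)
class Doc:
    timestamp: datetime   # the document's @timestamp (event time)
    indexed_at: datetime  # assumed: when the document became searchable
    b: str                # value of the by_field_name "b"


def T(hh: int, mm: int, ss: int = 0) -> datetime:
    """Shorthand for a timestamp on 2024-05-06."""
    return datetime(2024, 5, 6, hh, mm, ss)


SAMPLE_DOCS = (
    # five events in the 09:15 bucket, indexed within seconds
    *[Doc(T(9, 16, i), T(9, 16, i + 1), "xxxxxx") for i in range(5)],
    # two events in the 09:15 bucket that were indexed ten minutes late
    Doc(T(9, 20), T(9, 40), "xxxxxx"),
    Doc(T(9, 29, 59), T(9, 40), "xxxxxx"),
    # one event at exactly 09:30:00, the first instant of the *next* bucket
    Doc(T(9, 30), T(9, 30, 1), "xxxxxx"),
    # an event for a different "b" value, never counted for "xxxxxx"
    Doc(T(9, 17), T(9, 17, 1), "yyyyyy"),
)


def bucket_start(ts: datetime) -> datetime:
    """Floor a timestamp to the start of its 15-minute bucket."""
    return ts - timedelta(minutes=ts.minute % 15,
                          seconds=ts.second,
                          microseconds=ts.microsecond)


def ml_actual(docs, bucket: datetime, by_value: str,
              datafeed_ran_at: datetime) -> int:
    """Count the way the job does: half-open bucket, one "b" value, and only the
    documents that were searchable when the datafeed processed this bucket."""
    return sum(
        1 for d in docs
        if d.b == by_value
        and bucket <= d.timestamp < bucket + BUCKET_SPAN
        and d.indexed_at <= datafeed_ran_at
    )


def count_query(docs, by_value: str, gte: datetime, upper: datetime,
                inclusive: bool) -> int:
    """Mimic GET /A/_count run now (every document visible) with lte or lt."""
    return sum(
        1 for d in docs
        if d.b == by_value
        and d.timestamp >= gte
        and (d.timestamp <= upper if inclusive else d.timestamp < upper)
    )


def compare() -> dict:
    """Four counts for the same 09:15 bucket and the same "b" value."""
    bucket = bucket_start(T(9, 15))
    return {
        # assumed: job 1's datafeed processed the bucket 60 s after it closed
        "job1_actual": ml_actual(SAMPLE_DOCS, bucket, "xxxxxx", T(9, 31)),
        # assumed: job 2's datafeed processed the bucket 15 min after it closed
        "job2_actual": ml_actual(SAMPLE_DOCS, bucket, "xxxxxx", T(9, 45)),
        # the posted query: inclusive upper bound, run after all docs arrived
        "count_lte": count_query(SAMPLE_DOCS, "xxxxxx", T(9, 15), T(9, 30), True),
        # the same query with "lt", which matches the ML bucket boundary
        "count_lt": count_query(SAMPLE_DOCS, "xxxxxx", T(9, 15), T(9, 30), False),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value}")
```

The practical checks this suggests: use `lt` rather than `lte` for the upper bound when reproducing a bucket by hand, and compare what each job's datafeed could have seen at the time it ran (its `query_delay`, and whether the index receives late-arriving documents) rather than what the index contains today.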