I've been working with the anomaly detection functionality in Kibana. I've got about 500 records processed, all of them have a transaction.name and a custom id that works as a tenant indicator (I'll call it tenantId from now on).
So I create an anomaly detection job, with these detectors:
and I get it properly partitioned by all the values in these fields throughout the dataset. However, when I try to use a by field, it becomes weird:
count by "tenantId" partitionfield="transaction.name"
count by "transaction.name" partitionfield="tenantId"
I get the choice to select a combination of tenantId - transaction.name, however the dropdowns (on single metric view) are somewhat lacking in data, I can choose like 1 tenantId and 1 transaction.name. Tried to use this a few times and can't really get around this...
What I'm trying to achieve here is to detect anomalies in each tenant and by API method calls because some tenants may be much more busy than others and some method calls may be more used than others.
So any ideas why I can't get a full set of possible tenantIds and transaction.names in those dropdowns?