Anomaly detection rules don't execute provided actions

Hi,

I've got a detection rule set up for an anomaly job. It checks whether in the last 5 minutes an anomaly higher than 50, 75 or 90 was reported and then performs two actions: index a document with data such as the score, influencers and timestamp, and send a message to a Teams channel. I tested both connectors and they both work. Still, when an anomaly occurs in the data stream, none of the actions are executed. When I check for occurrences to which the rule should respond, it shows 59 anomalies, yet nothing happened on the other side.
Can someone tell me where to look for the problem?


First of all, consider upgrading your cluster to a version in which the Alerting is GA, and no longer Beta.

Secondly, what you experience sounds like a situation in which the lookback interval (found under advanced settings) is shorter than the job's bucket_span. From the docs:

Lookback interval sets an interval that is used to query previous anomalies during each condition check. Its value is derived from the bucket span of the job and the query delay of the datafeed by default. It is not recommended to set the lookback interval lower than the default value as it might result in missed anomalies.

So, compare your job's bucket_span value and the value set for the Lookback interval. The Lookback interval should be 2 times the value of bucket_span.
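The effect described in the reply above can be reproduced with a small simulation. This is an added example, not part of the original posts and not Elastic code. It assumes a simplified timing model (a bucket result is timestamped with the bucket start, becomes available at start + bucket_span + query_delay, and each rule check queries results newer than now minus the lookback interval); all function names and sample values are constructed.

```python
import re

_UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def to_seconds(value):
    """Parse an Elasticsearch-style time value such as '15m' or '1h'."""
    m = re.fullmatch(r"(\d+)([smhd])", value.strip())
    if not m:
        raise ValueError(f"unsupported time value: {value!r}")
    return int(m.group(1)) * _UNITS[m.group(2)]

def check_lookback(bucket_span, lookback):
    """Rule of thumb from the reply: lookback should be >= 2 * bucket_span."""
    return to_seconds(lookback) >= 2 * to_seconds(bucket_span)

def seen_buckets(bucket_span, query_delay, lookback, check_every,
                 anomalous_starts, horizon):
    """Return the anomalous bucket start times (seconds) that some rule check sees.

    Assumed model: the result for a bucket starting at `start` is written at
    start + bucket_span + query_delay, and a check running at time t only
    queries results whose timestamp (the bucket start) is >= t - lookback.
    """
    span, delay, look, step = map(
        to_seconds, (bucket_span, query_delay, lookback, check_every))
    seen = set()
    for t in range(0, to_seconds(horizon) + 1, step):
        for start in anomalous_starts:
            available = start + span + delay
            if available <= t and start >= t - look:
                seen.add(start)
    return sorted(seen)

if __name__ == "__main__":
    # Constructed scenario: 15m buckets, 1m query delay, rule checked every minute,
    # anomalies in the buckets starting at 00:15 and 01:15.
    anomalies = [900, 4500]
    for lookback in ("5m", "15m", "30m"):
        hits = seen_buckets("15m", "1m", lookback, "1m", anomalies, "2h")
        ok = check_lookback("15m", lookback)
        print(f"lookback={lookback:>3} meets 2x rule={ok!s:<5} "
              f"anomalies alerted={len(hits)}/{len(anomalies)}")
```

With a lookback of 5m or 15m, every anomalous bucket is already older than the query window by the time its result is written, so the rule never fires even though the anomalies are visible in the job results.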
