Hey,
I'm running a machine learning job using a partition key.
I want to stop alerting on one of the partition key, or even better if I could remove all the data for this particular partition value and not alert anymore.
The only way I found is to add a filter. Is there a cleaner way to do that?
There is the possibility of a filter on the data feed query - if that's what you mean.
But, also, if you want to stop the creation of anomalies for a particular entity, you can use Custom Rules (specifically, Filters) to have ML ignore those entities.
If you want to continue to flag anomalies, but not alert, then obviously that is a different task that would be relegated to building that logic into the Watch. Essentially you would have to maintain a separate "lookup table" index of entity names that you want to exclude from alerting and Watcher would have to compare entities with anomalies against this "allowed to alert" lookup table.
Also, as Kibana Alerting matures and ML eventually moves from using Watcher to Kibana Alerting, there will also be the ability to mute the alerting for a specific entity within a set.
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
