I have a data set that holds data like this:
I want to create an anomaly detection job that alerts about suspicious large transactions but when I create a anomaly detection job it always looks at for example 1 day and not at every single transaction separately
Any Idea how I can make a anomaly detection rule that looks at a single transaction?
Anomaly Detection jobs fundamentally work off the concept of time-slices (called bucket_span). The user has the ability to make the bucket_span small, but that does not guarantee one transaction per bucket.
If unsupervised ML is still desired, an alternative approach is to use population analysis such that each entity (perhaps the sending or the receiving account) is defined as the population. Then, model a feature like the high_sum of the transaction amounts. In this way, you could find accounts that send/receive amounts that are much larger than the collective norm.
Alternatively, if you already know what constitutes a "large transaction" then just build a threshold rule - no ML required.
Thanks for the response!
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
