Hello.
I wont to detect this anomaly (high traffic):
But I dont want detect anomaly with traffic for less then 1 Mbytes. How can I exclude the detection of anomalies with a small amount of traffic? I want detect anomaly only high traffic. My jobs based upon the observed past behavior.
Doing an analysis using something like high_mean(yourfieldname) will restrict the finding of the anomalies on the high-side (and not anomalies for unusually low values). This will properly find the anomaly shown above. Anomalies are always scored relative to their level of unusualness, so smaller spikes are scored lower than larger spikes. You would then potentially alert only on the high scoring anomalies.
However, if you are asking for the functionality such as "find me anomalous spikes in the data, but NEVER in the case where the anomalous value is less than 1 Mbyte, then you'll need to wait for a few versions for a forthcoming feature that will allow specific rules to override/control what gets considered an anomaly.
Great news! Tell me when is it planned to release this feature? In which version of the elastic it appears?
This feature is planned for v6.4 coming within the next few months, but we cannot guarantee that.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
