Anomaly on specific value (0)

hello guys,

(1) I want to make alerts with machine learning when a specific log source doesn't send any logs for 10 minutes (availability job). I tried it with low count and custom rules, but anomalies with actual=0 that aren't really zero values always showed up.
Is it possible to configure the machine learning job to only look at unexpected zero values? Or is there a much easier way for this common use case?

(2) Some log sources send very inconsistently, so I don't want to train on the data but still want the zero values in my anomalies. Do you have some ideas on how to realize this?

Hi @zangero98, if your detection is really just "count=0 for > 10 mins", then this sounds more like a rule that could be implemented using Kibana Alerting. If you want to model data and learn from past behaviours, then ML anomaly detection (or a combination of alerting and ML) could be used.

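As an added illustration of the rule-style approach suggested in the reply (this is example code, not from the thread or from Elastic), the function below buckets per-source events into 10-minute windows and reports only complete windows in which a known source sent nothing; the still-open window is skipped so a partially filled bucket is not reported as actual=0. Source names and timestamps are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

WINDOW = timedelta(minutes=10)
TS_FMT = "%Y-%m-%dT%H:%M:%SZ"

# Constructed sample events (timestamp, log source): "fw-1" goes silent
# after 10:09, while "web-1" keeps logging throughout.
EVENTS = [
    ("2024-01-01T10:01:00Z", "fw-1"),
    ("2024-01-01T10:05:00Z", "fw-1"),
    ("2024-01-01T10:09:00Z", "fw-1"),
    ("2024-01-01T10:02:00Z", "web-1"),
    ("2024-01-01T10:14:00Z", "web-1"),
    ("2024-01-01T10:27:00Z", "web-1"),
    ("2024-01-01T10:33:00Z", "web-1"),
]

def parse_ts(s):
    return datetime.strptime(s, TS_FMT).replace(tzinfo=timezone.utc)

def window_start(ts):
    """Align a timestamp down to the start of its 10-minute window."""
    return ts.replace(minute=ts.minute - ts.minute % 10, second=0, microsecond=0)

def silent_sources(events, now_str):
    """Return {source: [window_start_iso, ...]} for every complete window
    (window end <= now) in which a previously seen source sent nothing.
    The window that is still open at `now` is never evaluated."""
    counts = defaultdict(lambda: defaultdict(int))
    first_seen = {}
    for raw_ts, source in events:
        ts = parse_ts(raw_ts)
        counts[source][window_start(ts)] += 1
        first_seen[source] = min(first_seen.get(source, ts), ts)
    # Newest window whose end has already passed.
    last_complete = window_start(parse_ts(now_str)) - WINDOW
    result = {}
    for source, start in first_seen.items():
        w = window_start(start)
        gaps = []
        while w <= last_complete:
            if counts[source][w] == 0:
                gaps.append(w.strftime(TS_FMT))
            w += WINDOW
        if gaps:
            result[source] = gaps
    return result
```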
