Anomaly on specific value (0)

zangero98 · November 29, 2021, 8:14am

hello guys,

(1) I want to make alerts with machine learning when a specific log source don't send any logs for 10 minutes (availability job). I tried it with low count and custom rules but there always showed up anomalies with actual=0 that aren't really zero values.
Is it possible to specify the machine learning job to only look on unexpected zero values? Or is there a much easier way for this common use case?

(2) Some Logsources send very inconsistent so I don't won't to train the data but still want the zero values in my anomalies. Have you some ideas to realize this?

sophie_chang · November 29, 2021, 9:41am

Hi @zangero98 if your detection is really just "count=0 for > 10 mins" then this sounds more like a rule that could be implemented using Kibana Alerting. If you want to model data and learn from past behaviours, then ML anomaly detection (or a combination of alerting and ML) could be used.

system · December 27, 2021, 9:41am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Anomaly Detection Kibana skipping data Kibana elastic-stack-machine-learning	12	882	July 15, 2020
Wrong anomaly detection with X-pack ML? Elasticsearch elastic-stack-machine-learning	13	1940	May 21, 2018
Keeping anomaly scoring constant Elasticsearch elastic-stack-machine-learning	4	398	February 15, 2023
Elaticsearch kibana ml jobs issue Kibana elastic-stack-machine-learning	11	472	November 17, 2020
Custom machine learning rule Kibana elastic-stack-machine-learning	9	477	January 18, 2023

Anomaly on specific value (0)

Related topics