We have created an anomaly detection job using elastic machine learning. For this particular case, we have no detections at times where we normally have detections. The anomaly score is less than 1 here, despite having a big deviation. (screenshot attached)
Moreover in some other cases, the deviation being same, sometimes yield a greater anomaly score than other times
It will be great if someone can explain both of these queries. Thanks!
Scoring is relative to other anomalies. The yellow one right after seems more egregious (less probable and thus higher scoring) than the ones circled. Additionally, there is a difference between what an anomaly is scored when the anomaly happened (in real-time) versus what it might be scored as later (after a more egregious anomaly is seen). You can tell by looking at the "initial score" of an anomaly:
More info on scoring: Machine Learning Anomaly Scoring and Elasticsearch - How it Works | Elastic Blog
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
