Hi, I have data of throughput for multiple interfaces in a job, and I want to detect when the throughput drops abruptly. I'm using the low_mean function in the detector to do this, but sometimes there is an abrupt drop of throughput and the anomaly is identified as minor.
What function in the detector would you recommend to get a higher severity when these drops happen?
Ensure that you are using partition_field instead of by_field for the splitting of analysis, as partition_field allows for more independent scoring per partition.
There are many posts on this board relating to (I'll paraphrase a bit) "why isn't the anomaly scored like I want it to?" I think it is helpful to keep in mind that the scoring is always relative to the probability of the different behaviors of the data. So, it is possible that you have to tune your focus (or alerts) to lower-level scores for this data set just because that's the way this particular data set behaves.
Now, with that said, you can also see if you get better fidelity using a different detector function like low_sum(), low_median, or maybe even min()?
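An added example, not from the original posts: a request body for the Elasticsearch create anomaly detection job API (`PUT _ml/anomaly_detectors/<job_id>`) that applies the two suggestions above, splitting by `partition_field_name` and running `min` next to `low_mean` so the scores can be compared. The field names `throughput`, `interface` and `@timestamp` and the 15m bucket span are assumptions about the poster's data.

```json
{
  "description": "Constructed example; 'throughput', 'interface' and '@timestamp' are assumed field names",
  "analysis_config": {
    "bucket_span": "15m",
    "detectors": [
      {
        "detector_description": "low_mean per interface, split with partition_field_name (not by_field_name)",
        "function": "low_mean",
        "field_name": "throughput",
        "partition_field_name": "interface"
      },
      {
        "detector_description": "alternative function to compare: min per interface",
        "function": "min",
        "field_name": "throughput",
        "partition_field_name": "interface"
      }
    ],
    "influencers": ["interface"]
  },
  "data_description": {
    "time_field": "@timestamp"
  }
}
```

Each anomaly record carries a `detector_index`, so the scores the two functions assign to the same drop can be compared side by side.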