Filter machine learning actual values

I want to diagnose brute-force attacks by source IP. My query is login failures in the logs.
I see this type of anomaly from machine learning:

I think there is no anomaly for src ip 192.168.1.61, because the actual value is 2.
How can I set configs for the anomaly actual value?
For this example, actual >= 200.

Can I create such machine learning jobs from aggregated machine learning and filter doc_count?
I think this is a bad solution because records are omitted from machine learning.
I want the filtered actual value to affect the max severity.

Hi Al,

This is a great question! In cases like this, the result where the actual value is 2 is indeed mathematically anomalous. However, there is domain knowledge that renders such anomalies not interesting to you.

With the current state of the product, you could use Watcher to ensure anomalies with an actual value less than 200 are excluded from alerting.

The ability to provide domain knowledge to the model is currently an area of investigation for us as we are working on finding the best way to allow our users to do so. We hope that there will be an easily configurable solution to this problem in an upcoming release.

Thank you for the valuable feedback.

Kind regards,
Dimitris
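The approach Dimitris describes (let the job flag everything, then drop records whose actual value is below the threshold before alerting) can be expressed as a Watcher-style query plus a client-side filter. The example below is added here and is not code from the thread or from Elastic; it assumes anomaly records shaped like documents in the `.ml-anomalies-*` indices (`job_id`, `result_type`, `actual`, `typical`, `record_score`, `partition_field_value`), a hypothetical job named `login_failures`, and constructed sample records. It also shows the point raised in the question: once the low-actual record is filtered out, the max severity used for alerting comes from the remaining records only.

```python
# Added example (not from the original thread): post-filter Elastic ML anomaly
# records by their actual value before alerting, as a Watcher condition would.
# Assumes records shaped like .ml-anomalies-* documents (job_id, result_type,
# timestamp, partition_field_value, actual, typical, record_score).
# All sample records below are constructed, not real data.

# Constructed records for a hypothetical "login_failures" job that counts
# failed logins partitioned by source IP. Note the record with actual == 2 has
# the highest record_score: statistically anomalous, operationally uninteresting.
SAMPLE_RECORDS = [
    {"job_id": "login_failures", "result_type": "record", "timestamp": 1700000000000,
     "partition_field_name": "source.ip", "partition_field_value": "192.168.1.61",
     "actual": [2.0], "typical": [0.01], "record_score": 98.5},
    {"job_id": "login_failures", "result_type": "record", "timestamp": 1700000000000,
     "partition_field_name": "source.ip", "partition_field_value": "10.0.0.5",
     "actual": [350.0], "typical": [4.2], "record_score": 97.8},
    {"job_id": "login_failures", "result_type": "record", "timestamp": 1700000000000,
     "partition_field_name": "source.ip", "partition_field_value": "172.16.0.9",
     "actual": [200.0], "typical": [3.0], "record_score": 75.4},
    {"job_id": "login_failures", "result_type": "record", "timestamp": 1700000000000,
     "partition_field_name": "source.ip", "partition_field_value": "192.168.1.70",
     "actual": [150.0], "typical": [2.0], "record_score": 88.0},
]


def build_record_query(job_id, min_actual, min_record_score=0.0):
    """Query body a Watcher search input could run against .ml-anomalies-*.

    The range filter on ``actual`` is what excludes records whose actual value
    is below the domain threshold (200 in the question).
    """
    return {
        "size": 100,
        "query": {"bool": {"filter": [
            {"term": {"job_id": job_id}},
            {"term": {"result_type": "record"}},
            {"range": {"actual": {"gte": min_actual}}},
            {"range": {"record_score": {"gte": min_record_score}}},
        ]}},
        "sort": [{"record_score": {"order": "desc"}}],
    }


def filter_records(records, min_actual, min_record_score=0.0):
    """Same filter applied client-side to already-fetched records.

    ``actual`` is a list in ML results (one value per detector field); the
    record qualifies if any of its values reaches min_actual.
    """
    kept = []
    for rec in records:
        if rec.get("result_type") != "record":
            continue
        if max(rec.get("actual") or [], default=0.0) < min_actual:
            continue
        if rec.get("record_score", 0.0) < min_record_score:
            continue
        kept.append(rec)
    return kept


def max_severity(records):
    """Highest record_score among the records, 0.0 if none remain."""
    return max((r.get("record_score", 0.0) for r in records), default=0.0)


def severity_label(score):
    """Map a 0-100 anomaly score to Kibana's severity bands (assumed bands:
    critical >= 75, major >= 50, minor >= 25, warning >= 3)."""
    if score >= 75:
        return "critical"
    if score >= 50:
        return "major"
    if score >= 25:
        return "minor"
    if score >= 3:
        return "warning"
    return "none"


def evaluate_alert(records, min_actual, min_record_score=0.0):
    """Apply the actual-value filter, then decide on alerting.

    Returns (should_alert, max_score_after_filter, sorted offending source values).
    """
    kept = filter_records(records, min_actual, min_record_score)
    score = max_severity(kept)
    sources = sorted({r.get("partition_field_value") for r in kept})
    return score > 0.0, score, sources


if __name__ == "__main__":
    alert, score, sources = evaluate_alert(SAMPLE_RECORDS, min_actual=200)
    print("unfiltered max severity:", max_severity(SAMPLE_RECORDS))
    print("filtered  max severity:", score, severity_label(score), sources, "alert" if alert else "no alert")
```

Running it shows the unfiltered max severity (98.5, driven by the actual == 2 record) versus the filtered one (97.8, from the sources that actually produced 200 or more failures). The query body from `build_record_query` is what a Watcher search input over `.ml-anomalies-*` would carry; the client-side functions exist so the same threshold can be checked offline against exported records.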
