low_sum and low_count

Hey, I'm trying to create a job where anomalies are to be detected if the amount of data in an index falls to very low values. If the low_count function is used, I can detect anomalies if the count of documents falls to very low values. Is low_sum similar to the low_count function? Can low_sum also be used for situations similar to this, since I'm getting different plots for the same data? I.e., can low_sum be used to find anomalies if input falls to low values?
For low_sum, I used a field EVENTHOUR, which denotes the hour at which we received the data. So, will the anomaly detection be similar for both low_sum and low_count?

There often can be several different ways to detect the evidence of the same situation. This is one of those cases.
