Machine Learning - Default value for buckets with no documents

I am attempting to set up a machine learning job that detects high_sum of a field for a daily ingest. However, the data I am ingesting is conditional, and we may not actually receive any documents for a given day (most days even). This is a standard result that we would like to capture in this machine learning anomaly detection job. However, my job is not reporting the values I would expect as anomalies. I believe this is because the days without any data are not actually contributing to the detection algorithm.

I have been searching around this forum and elsewhere to no avail looking for a solution to this issue. What I would like to set up is a default value of 0 for those buckets without any documents. How might I go about setting up this job?

Running with ES/Kibana 7.6.0

If you are using sum() then days without documents will be modeled as 0.

If you want to ignore (i.e. not model) days without documents, you need to use non_null_sum().

See: Sum functions | Machine Learning in the Elastic Stack [7.15] | Elastic
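The difference described in the answer above, as an added example that is not part of the original thread and is not Elastic's code: it builds the daily bucket series each function would hand to the model. The sample documents and helper names are constructed, and the median is only an assumed stand-in for the model's learned baseline.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

# Constructed sample: (day, value) documents in a 10-day window.
# Most days have no documents at all, as in the question.
DOCS = [
    (date(2020, 3, 2), 120), (date(2020, 3, 2), 80),
    (date(2020, 3, 6), 150),
    (date(2020, 3, 9), 900), (date(2020, 3, 9), 600),
]
START, DAYS = date(2020, 3, 1), 10


def bucket_series(docs, start, days, function):
    """Return [(day, value)] for daily buckets, following the answer:

    "sum"          - a bucket with no documents is modeled as 0
    "non_null_sum" - a bucket with no documents is ignored (not modeled)
    """
    if function not in ("sum", "non_null_sum"):
        raise ValueError(f"unsupported function: {function}")
    totals = defaultdict(int)
    seen = set()  # tracked separately so a real document with value 0 still counts
    for day, value in docs:
        totals[day] += value
        seen.add(day)
    series = []
    for offset in range(days):
        day = start + timedelta(days=offset)
        if day in seen:
            series.append((day, totals[day]))
        elif function == "sum":
            series.append((day, 0))
    return series


def typical_value(series):
    """Median bucket value: an assumed stand-in for the model's baseline."""
    return median(value for _, value in series)


if __name__ == "__main__":
    for fn in ("sum", "non_null_sum"):
        s = bucket_series(DOCS, START, DAYS, fn)
        print(fn, [v for _, v in s], "typical:", typical_value(s))
```

With sum the baseline is dominated by the empty days, so any day that carries data sits well above it; with non_null_sum only days that have documents are compared with each other.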
