Machine learning - host stopped sending logs or events

Hi Raj,

The score that the anomaly gets depends on how much data preceded it. What I mean by that is that the judgements made by ML are based on probability. The more established history a metric has, the higher the anomaly score will be once it begins to deviate. Here, in your screenshot, it's hard to tell how much history was established for this metric before the light blue anomaly was raised on Tuesday the 15th. Can you possibly zoom the picture out so that we can see the full history of the data that you sent to ML?

For your second question, how long after you shut off Logstash did you take the screenshot? Because you have a 5m bucket_span, it might take 5-7 minutes for the ML cycle to complete and report on this last bucket. It's hard to tell when the screenshot was taken (clock time) with respect to the analysis time.
