Hi,
I am trying to use machine learning - anomaly detection.
Whenever I try to use regular sum function it detects both low and high anomalies.
High sum is also working expected since it's only showing high anomalies.
The problem is low sum. I only want to see when there are low anomalies but it seems like both high and low are showing. Is there a way to only see lows?
From the screenshot, the anomaly icon is a cross, rather than a circle. This indicates that the anomaly is multi-bucket ... which means that there is a low sum anomaly across the previous ~12 buckets (~6 hours), however the individual bucket (30 mins) would not have been anomalous.
We record actual and typical values for each 30 mins bucket as standard, so the overlay of multi-bucket anomalies is very difficult to plot on a single chart and it is not easy to see (unless you know about them already).. if you have any idea how we could have made this clearer, please feel free to let us know.
More info on multi-bucket Interpreting multi-bucket impact anomalies using Elastic machine learning features | Elastic Blog
Hope that helps
Sophie
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.
© 2020. All Rights Reserved - Elasticsearch
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant logo are trademarks of the Apache Software Foundation in the United States and/or other countries.
