I would like to create some sort of alert that uses the ML capability to notify me if the successful transaction rate for a specific service is anomalous.
For example:
Let's assume the trend of successful transactions is 100/day. If one day I get 50 or 150 I get notified and I can check what's going on.
I have read the documentation and I understand I need to use the Anomaly Detection feature, but the pre-configured jobs all point to a specific property to monitor (e.g. service.name). I want to monitor the number of successful transactions for a specific service.
Could you please point me in the right direction for this?
Thanks for your reply @richcollier.
I managed to create the ML job as you described, how can I turn it into some sort of alert? My end goal is to get notified if the number of successful transactions of the previous day was below average.
Thanks a lot. Is it my understanding correct that if I have a baseline of 100 requests per day, the alert will notify me if one day I get less or more? Or does it work only if I get more?
a detector configuration of the count detector function finds anomalies on both the high side and low side (whereas the one-sided detector functions high_count and low_count only detect anomalies in one direction).
A real astute user might notice that the highest sensitivity possible is two use a job that has two detectors configured (one with high_count and one with low_count). This configuration has higher fidelity, especially in the case where the dynamic ranges of anomalies on the high side are drastically different than on the low side (i.e. spikes that tend to be much larger in magnitude than the dips). Because each detector maintains its own normalization table, having separate normalized scoring for the two detectors gives more sensitivity control.
Apache, Apache Lucene, Apache Hadoop, Hadoop, HDFS and the yellow elephant
logo are trademarks of the
Apache Software Foundation
in the United States and/or other countries.
