ML: count vs low/high-count detector functions

I would like to know what is the difference between “count”, “low count”, and “high count”.
I assume that “count” function includes the results from “low count”, "high count" and more ever. Please correct me if I’m wrong.
If it's true, can you please make an example or express some of results from "count" that are not from "low count" nor "high count"?


Simply, the count detector function finds anomalous deviations in the rate of documents/events on both the "high side" and the "low side" (i.e. spikes and dips) - whereas the one-sided functions of low_count and high_count only find anomalies on the low side and the high side, respectively.

As an example, you might pick low_count as an appropriate detector to track online orders per unit time because you only might want to know if your orders are less than expected (as having orders be higher than expected is likely a "good" thing). Alternatively, if you're looking for DDOS activity, then only looking for anomalies on the high side makes sense, thus an appropriate use of high_count.


This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.