ML unexplained results

liorg2 · December 9, 2020, 9:20am

Hello,

I'm having unexplained results in an anomaly detection job.

Attached an image, where you can see clearly that the typical value is 216 - it's almost a straight line. (for the past 2 months)

The model in the other hand, claims that the typical value is 199, and marks the data points in the picture as an anomalies.
I'm not sure if it's the drop a little bit before, but it probably shouldn't change the typical that fast

the detector configuration is
{
"detector_description": "high_non_null_sum(count) by host partitionfield=client",
"function": "high_non_null_sum",
"field_name": "count",
"by_field_name": "host ",
"partition_field_name": "client",
"detector_index": 0
}

Is there a way I can improve the results?

Thanks!

richcollier · December 9, 2020, 3:09pm

Is the graph for a specific host and client? What would you see if you created a saved search, filtered for only that host and client and did a job with model bounds turned on? Might give us a clue as to what is happening.

Also, it is always best to let us know what version you're using when you post questions

liorg2 · December 9, 2020, 6:15pm

Thanks

I'm using 7.10, and will upload the chart in the morning

system · January 6, 2021, 6:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.