ML unexplained results

liorg2 · December 9, 2020, 9:20am

Hello,

I'm having unexplained results in an anomaly detection job.

Attached an image, where you can see clearly that the typical value is 216 - it's almost a straight line. (for the past 2 months)

The model in the other hand, claims that the typical value is 199, and marks the data points in the picture as an anomalies.
I'm not sure if it's the drop a little bit before, but it probably shouldn't change the typical that fast

the detector configuration is
{
"detector_description": "high_non_null_sum(count) by host partitionfield=client",
"function": "high_non_null_sum",
"field_name": "count",
"by_field_name": "host ",
"partition_field_name": "client",
"detector_index": 0
}

Is there a way I can improve the results?

Thanks!

richcollier · December 9, 2020, 3:09pm

Is the graph for a specific host and client? What would you see if you created a saved search, filtered for only that host and client and did a job with model bounds turned on? Might give us a clue as to what is happening.

Also, it is always best to let us know what version you're using when you post questions

liorg2 · December 9, 2020, 6:15pm

Thanks

I'm using 7.10, and will upload the chart in the morning

system · January 6, 2021, 6:15pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Anomaly Result Interpretation for Seasonal Data Elasticsearch elastic-stack-machine-learning	4	679	July 31, 2020
No Detections after the first time zero detection was detected Elasticsearch elastic-stack-machine-learning	10	449	May 10, 2022
Abnormal behavior of anomaly detection found - Elastic ML Stack Elasticsearch elastic-stack-machine-learning	2	453	December 1, 2022
Anomaly detection record score error Elasticsearch elastic-stack-machine-learning	4	367	June 13, 2022
Wrong anomaly detection with X-pack ML? Elasticsearch elastic-stack-machine-learning	13	1940	May 21, 2018

ML unexplained results

Related topics