Order of Influencers in anomaly timeline overview?

willemdh · May 9, 2020, 7:59pm

Hello,

When I create an ml job, for example high_count by source.address with high cardinality influencers, for example on user.name. So I get a huge list of anomalies, but I can maximally show 50 in the anomaly timeline in the anomaly explorer. Are those 50 the ones with highest anomaly scores? Why do I find on the top of the list user names which seem to have 'less' anomalies then others more at the end of the list? How are the influencers ordered?

Most interesting for me are the ones with high actual values. Is there a way to only show the top 50 with the highest actual value in the anomaly explorer?

Grtz

Willem

richcollier · May 10, 2020, 11:02am

Take a look at this blog which describes how the scoring works and what the grid of influencers is telling you.

In a nutshell, it tells you which entities are the most unusual over the time-range you select. The most unusual bubble to the top of the grid

willemdh · May 10, 2020, 4:58pm

Thanks for the link. That clarifies somewhat.

system · June 7, 2020, 4:58pm

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Problems understanding Anomaly Explorer Elasticsearch elastic-stack-machine-learning	2	1629	November 20, 2017
How to know influencers list using query Kibana elastic-stack-machine-learning	4	308	December 5, 2022
No influencers found and nothing highlighted on single metric viewer Elasticsearch elastic-stack-machine-learning	3	939	October 30, 2018
ML - Anomaly fresh data (high score) Elasticsearch elastic-stack-machine-learning	2	384	June 16, 2020
Detail questions regarding bucket and influencer scorings Elasticsearch elastic-stack-machine-learning	3	665	October 30, 2018

Order of Influencers in anomaly timeline overview?

Related topics