Hi all. I'm a newbie at Anomaly Detection. Let's say I have a key, "PET", with two possible values, "CAT" and "DOG". I want to detect when there are an unusual number of CATs in an hour. Is that possible?
I thought Multi-Metric, split by PET, would do it. But that doesn't seem to be the case. It seems to combine the results of independent CAT and DOG analyses. I just want CAT.
If I just select "count (event rate)" in Single Metric, it runs against all records in the index. And the only Metric available for PET is distinct count, which will always be 1 or 2.
I know I must be missing something! Help!
