Simple Anomaly Detection Question

McJava1967 · July 28, 2023, 7:00pm

Hi all. I'm a newbie at Anomaly Detection. Let's say I have a key, "PET", with two possible values, "CAT" and "DOG". I want to detect when there are an unusual number of CATs in an hour. Is that possible?

I thought Multi-Metric, split by PET, would do it. But that doesn't seem to be the case. It seems to combine the results of independent CAT and DOG analyses. I just want CAT.

If I just select "count (event rate)" in Single Metric, it runs against all records in the index. And the only Metric available for PET is distinct count, which will always be 1 or 2.

I know I must be missing something! Help!

stephenb · July 29, 2023, 1:01am

You can do a single metric with a term / KQL filter on CAT.

Multi-metric split on PET on count should work as well multi metric treats each entity as its own model.

system · August 26, 2023, 1:01am

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
About details of Multi-Metric Anomaly Detection Kibana elastic-stack-machine-learning	7	1051	February 3, 2022
How to perform anomaly analysis by having a single metric as a benchmark Elasticsearch elastic-stack-machine-learning	4	690	December 4, 2017
ML anomaly detection question Kibana elastic-stack-machine-learning	8	620	February 11, 2020
X-Pack Anomaly Detection: multi-metric equals multivariate? Kibana elastic-stack-machine-learning	9	861	September 18, 2020
Abnormal behavior of anomaly detection found - Elastic ML Stack Elasticsearch elastic-stack-machine-learning	2	452	December 1, 2022

Simple Anomaly Detection Question

Related Topics