I have time series data. I want to create a standard-deviation-window-based threshold on the count of data points for a particular time. Based on violations of this threshold, I want to check for outliers in the data. Based on the outliers, I would then like to send alerts.
What is the best way to approach the problem?
A similar solution in SumoLogic looks like this (from the given link):
Apache logs - Server Errors Over Time
Run the following query to find outlier values in Apache logs over the last 3 hours.
| parse "HTTP/1.1\" * " as status_code
| where status_code matches "5*"
| timeslice 5m
| count(status_code) as status_code by _timeslice
| outlier status_code window=5,threshold=3,consecutive=1,direction=+-
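
One way to get the same kind of check outside SumoLogic, as an added example that is not part of the original post and not SumoLogic's implementation: count 5xx responses per 5-minute slice, then flag a slice whose count lies more than `threshold` standard deviations from the mean of the previous `window` slices. The function names, the trailing-baseline choice, the Apache log layout and the sample lines are assumptions made for this illustration.

```python
import re
from collections import Counter, deque
from datetime import datetime, timedelta
from statistics import mean, pstdev

FMT = "%d/%b/%Y:%H:%M:%S %z"
# Apache access log: timestamp in [...], status code right after the quoted request.
LINE_RE = re.compile(r'\[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) ')

def count_5xx(lines, slice_minutes=5):
    """[(slice_start, count)] of 5xx responses; quiet slices in between are zero-filled."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if m and m["status"].startswith("5"):
            ts = datetime.strptime(m["ts"], FMT)
            counts[ts.replace(minute=ts.minute - ts.minute % slice_minutes, second=0)] += 1
    series, t = [], min(counts, default=None)
    while t is not None and t <= max(counts):
        series.append((t, counts[t]))
        t += timedelta(minutes=slice_minutes)
    return series

def outliers(series, window=5, threshold=3.0, consecutive=1, direction="+-"):
    """Flag points beyond threshold * stddev of the previous `window` points (assumed baseline)."""
    history, run, flagged = deque(maxlen=window), 0, []
    for t, value in series:
        violated = False
        if len(history) == window:  # no verdict until the baseline is full
            mu, sigma = mean(history), pstdev(history)
            high = "+" in direction and value > mu + threshold * sigma
            low = "-" in direction and value < mu - threshold * sigma
            violated = high or low  # note: a flat baseline (sigma == 0) flags any change
        run = run + 1 if violated else 0
        if run >= consecutive:
            flagged.append((t, value))  # alert hook would go here
        history.append(value)
    return flagged

def sample_lines():
    """Constructed sample log: 5xx per 5-minute slice = 2,3,2,3,2,2,20,3 from 10:00."""
    base, out = datetime.strptime("10/Oct/2023:10:00:00 +0000", FMT), []
    for i, n in enumerate([2, 3, 2, 3, 2, 2, 20, 3]):
        stamp = (base + timedelta(minutes=5 * i, seconds=30)).strftime(FMT)
        out += [f'192.0.2.10 - - [{stamp}] "GET /app HTTP/1.1" 503 512'] * n
        out.append(f'192.0.2.10 - - [{stamp}] "GET / HTTP/1.1" 200 1024')
    return out

if __name__ == "__main__":
    print(outliers(count_5xx(sample_lines())))
```

Zero-filling matters here: without it, slices with no errors vanish from the series and the baseline is computed only over slices that already had failures.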