Entities or events in your data can be considered anomalous when:
- Their behavior changes over time, relative to their own previous behavior, or
- Their behavior is different than other entities in a specified population.
The latter method of detecting anomalies is known as population analysis.
I found this on the Elastic website. However, it is an old link. This is what I have always had in mind. Is it still valid? (This is the link: Performing population analysis | Machine Learning in the Elastic Stack [7.17] | Elastic)
Additionally, I also found that for Rare Jobs, the rare function detects values that occur rarely in time or rarely for a population. It detects anomalies according to the number of distinct rare values.
This function supports the following properties:
- by_field_name (required)
- over_field_name (optional)
- partition_field_name (optional)
This is the link: Appendix N: Rare functions | Machine Learning in the Elastic Stack [8.17] | Elastic
Finally, the latest page of Elastic about this topic mentions both, but the explanation is not 100% clear to me. (Anomaly detection job types | Machine Learning in the Elastic Stack [8.17] | Elastic)
It is my understanding, please correct me if I am wrong, that both types of jobs require time series data.
Finally, Rare Jobs had (not sure if it is still valid): Rare, Rare in Population, and Frequently Rare in Population.
Here is the image that I took from an Elastic video on YouTube (A walk through anomaly detection using Elastic's Machine Learning - YouTube).
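As an added example that is not part of the original post and is not Elastic's own code: the three rare-detector shapes the post lists (Rare, Rare in Population, Frequently Rare in Population) written as detector objects in the shape of an Elastic anomaly detection job `analysis_config` (the `function`, `by_field_name`, `over_field_name` and `partition_field_name` keys the quoted docs name), next to two deliberately simplified scorers that illustrate "rare over time" versus "rare in population". The scorers are not Elastic's algorithm, and the field names `process.name`, `user.name`, `host.name` and the event list are constructed for the example.

```python
"""Added example: Elastic-style rare detectors plus toy rare scorers.
Not from the original post or from Elastic; the scorers only illustrate
the two notions of 'rare' and are not Elastic's model."""
from collections import defaultdict


def rare_detector(by_field, over_field=None, partition_field=None, function="rare"):
    """Build one detector object for analysis_config.detectors.

    rare      + by_field_name                 -> rare over time
    rare      + by_field_name + over_field    -> rare in population
    freq_rare + by_field_name + over_field    -> frequently rare in population
    by_field_name is required; the other two are optional, as the quoted
    docs state. Key names follow the Elastic job API.
    """
    if function not in ("rare", "freq_rare"):
        raise ValueError("function must be 'rare' or 'freq_rare'")
    if function == "freq_rare" and over_field is None:
        raise ValueError("freq_rare only makes sense with over_field_name")
    detector = {"function": function, "by_field_name": by_field}
    if over_field is not None:
        detector["over_field_name"] = over_field
    if partition_field is not None:
        detector["partition_field_name"] = partition_field
    return detector


def analysis_config(detectors, bucket_span="15m"):
    """Wrap detectors in the analysis_config section of a job body."""
    return {"bucket_span": bucket_span, "detectors": list(detectors)}


# Constructed sample events as (user.name, process.name) pairs; hypothetical.
EVENTS = [
    ("alice", "outlook.exe"), ("alice", "chrome.exe"), ("alice", "teams.exe"),
    ("bob", "outlook.exe"), ("bob", "chrome.exe"), ("bob", "teams.exe"),
    ("carol", "outlook.exe"), ("carol", "chrome.exe"),
    ("dave", "outlook.exe"), ("dave", "chrome.exe"), ("dave", "teams.exe"),
    ("erin", "outlook.exe"), ("erin", "newtool.exe"),  # only erin runs this
]


def rare_in_population(events, max_users=1):
    """Toy 'rare in population' (by_field_name=process.name,
    over_field_name=user.name): a (user, value) pair is flagged when the
    value is seen for at most `max_users` distinct users in the population."""
    users_per_value = defaultdict(set)
    for user, value in events:
        users_per_value[value].add(user)
    flagged = {(u, v) for u, v in events if len(users_per_value[v]) <= max_users}
    return sorted(flagged)


def rare_over_time(bucketed_events):
    """Toy 'rare over time' (by_field_name only, no population): a value is
    flagged in a bucket when it was never seen in an earlier bucket. The
    first bucket is treated as the baseline and is never flagged, standing in
    for the warm-up period a real model needs before it can score anything."""
    seen = set()
    flagged = []
    for index, (bucket, values) in enumerate(bucketed_events):
        if index > 0:
            flagged.extend((bucket, v) for v in values if v not in seen)
        seen.update(values)
    return flagged


if __name__ == "__main__":
    import json
    cfg = analysis_config([
        rare_detector("process.name"),                                   # Rare
        rare_detector("process.name", "user.name"),                      # Rare in Population
        rare_detector("process.name", "user.name", function="freq_rare"),  # Frequently Rare in Population
    ])
    print(json.dumps(cfg, indent=2))
    print("rare in population:", rare_in_population(EVENTS))
```

The two scorers make the distinction the post asks about concrete: `rare_over_time` compares an entity only against its own past, while `rare_in_population` compares each entity against every other entity in the `over_field_name` population within the same bucket, which is what a population job does.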