Ad Widget

Collapse

Anomaly Detection

Collapse
X
Collapse
 
  • Page of 1
  • Time
  • Show
Clear All
new posts
Previous template Next
  • ngarry1991
    Junior Member
    • Jan 2023
    • 8
    #1

    Anomaly Detection

    Hi All,

    I was wondering if anyone could help me with an issue I am having.

    We fairly recently upgraded from version 5 to 6.0.12 LTS and I was hoping to use the trenstl trigger but I am not sure I am using it correctly.

    As background I have an item which calculates figures based on items in our elastic index over the past 24 hours, what I want to do is trigger if this varies from the usually. So say the figures are normally between 110-120 and then it drops to say 90 I would like a trigger.

    I have configured the below:

    HTML Code:
    trendstl(/HOST/KEY,28d:now/d,1d,7d,1,"mad")="(1/24)"​
    From my understanding this should gather data for a 28 day period and flag anomalies based on the current day to the day 1 week previous, however this isn't triggering and reporting ok although the figures the previous week was 115 and today is around 92.

    Am I missing something or is there actually a better way to do this, I don't really want to use absolute figures and would rather use some intelligence. I also looked at bassline triggers but not had much luck with them either.

    Below is an example of the data, I have it on a schedule atm so it doesn't gather data over the weekend as this would by design drop.

    Click image for larger version Name: image.png Views: 0 Size: 23.8 KB ID: 461382
    Tags: None
    • markfree
      Senior Member
      • Apr 2019
      • 868
      #2
      The trendstl function returns an anomaly rate, a decimal value between 0 and 1.
      Code:
      1/24 = 0,0416666666666667
      Is your function operator correct?

        Comment

        • ngarry1991
          Junior Member
          • Jan 2023
          • 8
          #3
          Hi Mark,

          I was trying to follow the online video's that implied the above formula would trigger in any 1 deviation in the past 24 hours but do think this may be were I am going wrong.

          I have as a work around added a calculated Item that gets a percentage drop from the most recent item and an item 1 week previous that seems to do what I want however I would prefer to use the anomaly detection if you have any pointers?

          Cheers

            Comment

            • markfree
              Senior Member
              • Apr 2019
              • 868
              #4
              I take it that your data has some seasonality. So, the way I understand it, your function does:

              Analyzes the last 28 days of trend data, searches for anomalies for the previous 1 day of that period and expects the periodicity to be 7 days.
              The number of deviations to count as anomaly is 1 and it is using the MAD algorithm (default).

              Remember that the resulting value is an anomalies rate              .

              Does that logic fit your expectations?

              If you were to create a calculated item (trendstl(/HOST/KEY,28d:now/d,1d,7d,1), what results would you get?
              Last edited by markfree; 22-03-2023, 03:52.

                Comment

                • ngarry1991
                  Junior Member
                  • Jan 2023
                  • 8
                  #5
                  Cheers I never thought to try my calculation as a calculated item so I could never see my output.

                  I think now I can play with it and see the figures this helps me.

                  Thanks again for all the help/pointers​

                    Comment

                    Previous template Next
                    Working...