Simone
1
Version of OpenSearch: 2.11.0
How can i show ‘actual’ and ‘typical’ values of the anomaly in opensearch action trigger?
In Elasticsearch i can set to the action:
{{#context.topRecords.length}}
Top records:
{{#context.topRecords}}
{{function}}({{field_name}}) {{by_field_value}}{{over_field_value}}{{partition_field_value}} [{{score}}]. Typical: {{typical}}, Actual: {{actual}}
{{/context.topRecords}}
{{/context.topRecords.length}}
and i can show a message like this:
Top records: mean(finalprice) 00086106000000 [98]. Typical: 11.656, Actual: 500
In OpenSearch is possibile replicate this?
Thanks,
Simone
Simone
2
Hi,
Do you have any suggestion?
kaituo
3
Yes, it is possible in OpenSearch. We produces result like
- Anomaly: {0={_index=.opendistro-anomaly-results-history-2021.12.22-1, _source={detector_id=8YgXcoABse2v-MkRqGhK, relevant_attribution=[{feature_id=us-east-1-foo, data=0.1444414821178015}], confidence=0.9999701201044623, threshold=1.1150121088929856, schema_version=5, anomaly_score=1.8249145307276422, execution_start_time=1699293045580, data_end_time=1699291845580, data_start_time=1699291545580, feature_data=[{feature_id=us-east-1-foo, feature_name=us-east-1-foo, data=5.0}], expected_values=[{likelihood=1.0, value_list=[{feature_id=us-east-1-foo, data=1.0}]}], execution_end_time=1699293177063, anomaly_grade=1.0, approx_anomaly_start_time=1699291545580}, _id=pK7EpYsBrKlwPBoZJFvn, sort=[1.8249145307276422, 0.9999701201044623], _score=null}}
You can fetch actual using feature_data and typical using expected_values.
Further details: Anomaly result mapping - OpenSearch documentation