Bad anomaly detection dynamic threshold

elge · May 20, 2025, 1:46pm

Hello, v2.17 here, with a few anomaly detectors in place. It sometimes happens that an well detected anomaly (as seen in the dashboard) doesn’t show up in the custom result index. This is due to the dynamic threshold field that makes the engine decide by itself whether an anomaly grade is worth something or not.

Is there a way to tune or disable that threshold ? I would be happy with all the anomalies ending up in the custom result index anyhow.

I quote Anomaly result mapping - OpenSearch Documentation

One of the criteria for a detector to classify a data point as an anomaly is that its anomaly_score must surpass a dynamic threshold. This field records the current threshold.

Anthony · May 21, 2025, 11:12am

@elge I do not believe there is any configuration option available to change this. You can have a look at the hardcoded values in HybridThresholdingModel.java

It would be useful to configure this using opensearch.yml configuration perhaps, therefore I’d recommend to add this as feature request in github project.

Topic		Replies	Views
Opensearch Anomaly Detector Custom Expressions OpenSearch Dashboards anomaly-detection	7	516	April 3, 2024
Anomaly detection wrong real time state after historical run OpenSearch anomaly-detection	1	54	October 17, 2024
Cross Cluster Anomaly Detection Machine Learning	2	265	August 11, 2023
How can Anomaly Detector recover from huge spikes and dips? OpenSearch	0	166	October 27, 2023
OpenSearch Anomaly Detection by error rate OpenSearch Dashboards anomaly-detection	0	36	February 5, 2025

Bad anomaly detection dynamic threshold

Related topics