Versions (relevant - OpenSearch/Dashboard/Server OS/Browser):
Describe the issue:
If I want to utilize the real-time anomaly detection feature, how many data pointers can I utilize? For example, if I set the aggregate interval to 10 minutes, how many minutes of data can I use to detect anomalies?
Relevant Logs or Screenshots:
By chance are you referring to Shingle size? if so then its 1 and 60.
If I’ve been collecting log data since January 1, 2020, does OpenSearch’s anomaly detection use all the data from January 1, 2020 to June 22, 2023 (today) to detect if the current data is an anomaly?
Good question, I personally dont know. But I think this may answer your question.
Preview sample anomalies and adjust the feature settings if needed. For sample previews, the anomaly detection plugin selects a small number of data samples—for example, one data point every 30 minutes—and uses interpolation to estimate the remaining data points to approximate the actual feature data. It loads this sample dataset into the detector. The detector uses this sample dataset to generate a sample preview of anomaly results.
@Gsmitt OMG thank you so much. This is exactly what I was looking for!!