Help for creating manuel alert which anomaly can not detect

a.emrekaraman · March 9, 2024, 12:49pm

Hi team,

I use anomaly detection and it works very good but anomaly can not detect if there is no time series data.

For example, I use 6 shingle period with 10 min. If there is no any any in this period and after get in net 8 shingle 10 min period and there are high number of value log, anomaly can not measure it correctly and can not generate alert for it. Let me share screenshot to explain ;

I created anomaly for error messages types. In the screenshot, in normal period, there is no 404-url-not-found error but suddenly it goes up. Anomaly can not measure it as anomaly becuase before that time ,there is no 404-url-not-found error.

How can I detect this type of peaks?

Thanks,

Emre

kaituo · March 12, 2025, 6:12pm

We currently don’t support this scenario, as models require historical data to learn effectively. When a new error type first appears, we haven’t yet trained a dedicated model for it. In such cases, we should rely on population analysis (not yet implemented in OpenSearch AD) instead of comparing solely against the same error type. Specifically, we would compare against the average behavior across error types. Typically, the average error count is very low or zero, so the sudden appearance of a new error—such as a “404-url-not-found”—should be identified as an outlier.

Topic		Replies	Views
Opensearch Anomaly Detection behavior OpenSearch anomaly-detection	5	560	November 6, 2023
Sample anomaly detection not working OpenSearch	1	230	October 19, 2023
Does anomaly detection have time range? OpenSearch Dashboards anomaly-detection	5	307	June 22, 2023
Do missing buckets ruin anomaly detection? OpenSearch	1	328	March 11, 2024
Anomaly detection Url based detection OpenSearch	7	344	February 1, 2023

Help for creating manuel alert which anomaly can not detect

Related topics