The OpenSearch project wants to offer Forecasting as a tool for the community. There are a few different ways that we think that Forecasting would be helpful.
Augmentation for visuals on Dashboards to help developer operations in live troubleshooting
Integrating with alerting to gently let users/systems know when a service may be trending in the wrong direction.
Performing forecasting in the traditional business/finance sense on large amounts of data which includes seasonality (e.g. predicting what revenue may look like or inventory levels based on prior data and trends)
An integration to make it easier to manage Forecasting functionality via the API
Are there use cases and nomenclature in our community that we are missing? We would love your feedback.
opened 12:06AM - 23 Aug 22 UTC
enhancement
untriaged
### **What are you proposing?**
* The current log analytics solution is great… at showing how things are performing in the moment. When looking at log metrics, users also want to understand where things are trending so that they can plan accordingly. Forecasting will show the user where their metrics are headed so that they can prepare accordingly (e.g. disk space, server instance upgrades, or even license usage if tracked).
- Show a future view of time series metrics displayed on Dashboards which will feed into Observability and Security Analytics
- Forecast when something may trigger an alert in the future to help users stay on top of their areas of responsibility
- Create a workflow which allows someone to upload their dataset and validate that it is correct ahead of performing the forecasting job
- Include “what if” scenario support which allow the user to work through scenarios like what if traffic increased 4x what would happen to my systems
- Have popular forecasting dashboard templates to make it easy to setup
- Easily share a forecasting dashboards with colleagues and the community
- Tee up a scheduled report of a specific dashboard to be reviewed quarterly
### **What problems are you trying to solve?**
There are two personas that we propose to solve for. The first priority is the developer operations persona who wants to view dashboards and understand where metrics are headed and the second priority is the business analyst persona. A key differentiator between the personas would be data size. The developer operations persona will likely only have 90-120 days worth of data available to them given that saving application logs is costly. The developer operations persona wants to make sure that the applications, service tiers, or services are up and fully functional. They live more in the moment and would like to be proactively notified if their area of responsibility is going to have problems.
The second persona is the business analyst persona who wants to look at data over a longer period of time (120+ days). The data the business analyst is looking at has seasonality trends in it. The business analyst wants to understand how to project out financial metrics such as revenue or inventory levels.
### **User Stories**
**Developer Operations Persona (90 - 120 days of data)**
- As someone who is responsible for critical services, I want to look at my dashboard visualizations and forecast where metrics are moving, so I can understand if I can take proactive actions and change the outcome.
- Display an augmented view of forecasting on a given visualization w ranges of confidence (e.g. as time or variability in the data increases confidence decreases)
- As someone who wants to forecast way into the future, I want to be told that my attempts to forecast out that far are not realistic, so I can set the right expectations with myself.
- As someone who is responsible for critical services, I want to setup select alerts to notify me if there are anticipated issues with the service, so I can proactively respond to problems instead of reacting
- Given that someone has turned on forecasting for their monitor-alert, when an alert is triggered, it needs to sent in a way which differentiates it from other alerts (different urgency)
- As someone who wants to manage monitors/alerts from an API, I want the ability to turn on Forecasting, so I don’t have to do things interactively
- As someone who is responsible for critical services, I want to setup “what if scenarios”, so I can plan ahead and know if web traffic increases by 2x that my services are going to fall over.
- As someone who prefers one forecasting algorithm over another, I want to choose which one to use as a default and through an advanced menu
**Business Analyst Persona (120 days + of data)**
- As someone who has a large dataset that they want to evaluate, I want to connect that dataset to Forecasting, so I can run a job on the dataset
- What kind of datasets are going to be supported and what kind of help with be present in OpenSearch (differentiating between immediately uploaded datasets v. pipeline datasets)
- As someone who has connected a large dataset, I want to visualize the dataset so that I can validate that the data I anticipate is in there, is in fact there ahead of forecasting
- As someone who has validated the data is ready for forecasting, I want to choose and be informed of which forecasting algorithm to use, so I can forecast with confidence
- As someone who has initiated the forecast, I want to view my results on a visualization which can be a part of a Dashboard.
- As someone who wants to forecast way into the future, I want to be told that my attempts to forecast out that far are not realistic, so I can set the right expectations with myself.
- As someone has evaluated the data, I want to share the results in CSV, so that I can manipulate them offline
- As someone who has evaluated the data, I want to setup “what if scenarios”, so I can plan ahead and know if web traffic increases by 2x that my services are going to fall over.
**Reporting**
- Send out quarterly report to a distribution list to show the forecast of what is happening within the user’s realm of responsibility (e.g. services owned, service tiers owned, etc.)
**Administration**
- As someone who is concerned with performance, I want to make sure my forecasting workloads don’t interfere with critical OpenSearch ingestion/indexing.
- As someone who is concerned with performance, I want to be able to control who has access to the forecasting feature in the system, so I can avoid business critical functions of the system tipping over.
### **Outstanding Questions**
- Is the prioritization of personas correct? Any additional personas that we need to be mindful of?
- What persona would be valuable from an API first perspective?
- Would the community find it valuable to have a dedicated saved Forecasting view/state on their dashboards to return to in the future?
- Forecasting is an overloaded term. Is there better naming that we can use to differentiate between the anticipatory results displayed to the developer operations specialist compared with the business analyst?
- Forecasting can be helpful in ML Commons, Anomaly Detection, Alerting, Dashboards, and Performance Analyzer. Is there an opinion on how to implement Forecasting which would allow each plugin/extension the ability to take advantage of the feature?
- What Forecasting algorithms would the community find interesting?
- Would the community find forecasted alerting mechanisms helpful?
- Would 'what if scenarios' would be interesting to the community?
- Would the community value a SQL integration with Forecasting?
1 Like
kris
August 23, 2022, 5:17pm
2
Thanks @jdbright for posting here! Hope the community has a lot of input for you
Quick update. The project can really use some feedback on what the community values.
The team is focusing on the Dev Ops persona first. A user will be able to use Dashboards to augment their time series charts with a trending view into the future. Similarly, the team wants to add forecasting to alerts to let people know when a given metric (e.g., CPU, memory, 500 errors) is trending in the wrong direction ahead of a formal alert being fired.
Community members, do you see both pieces of functionality as equal or is one higher priority than the other?