Real Time Anomaly Detection in Open Distro for Elasticsearch | Open Distro

Today, we released Anomaly Detection (preview) on Open Distro for Elasticsearch. We are excited to continue our work on anomaly detection as a part of Open Distro for Elasticsearch in the coming months, and invite developers in the larger search community to join in and co-develop some parts. The feature includes a nice mix of machine learning algorithms, statistics methods, systems work, visualization and UI, and enterprise primitives (for working on anomalies).

This is a companion discussion topic for the original entry at


Thank you for releasing the Anomaly detection plugins on Open Distro for Elasticsearch.
I wanted to know a little more. For now, the RCF doesn’t support mixed features (numeric and categorical data).
Is it something that will be supported soon?

In my use case (anomaly detection in application performance monitoring data), mixed data (response times, system metrics, SQL text, URLs) is used to define anomalous behavior.
If only numeric data is used in computing an anomaly score, I will not be sure of the relevance of the result.

Hey @wassim.dhib,

Thanks for your feedback. We are looking into supporting these features. Meanwhile, we would love to schedule a call to discuss your use case further. Would you be open to that? I could be reached on