What does "Feature output" mean in Anomaly Detection?

McJava1967 · November 28, 2023, 3:31pm

Hi all. I’m trying to set up simple Anomaly Detection jobs, and not understanding the results. I created a feature to count the number of entries containing a particular alpha value, per hour. I expected the “Feature output” value to match the number of such values for that hour. It’s reporting a value of 83. But I have a dashboard tracking the same value, and I can see there were about 800 such values for that hour.

Can anyone explain the discrepancy? Does “count()” mean a simple count, or something else?

Thanks!

kaituo · December 5, 2023, 7:28pm

It is a simple count. Do you use the same source index and filter in Dashboard?

McJava1967 · December 5, 2023, 7:44pm

Yes. Same source index and filter.

I have other similar tests, where the “feature output” DOES match what’s in Dashboard. Still confused why this one doesn’t.

Thank you for responding!

kaituo · December 5, 2023, 8:39pm

I am wondering whether the hourly data starts and ends at the same time on dashboard and AD results.

In the result index, can you search and post result for the feature 83 here? The mapping of result index is here: Anomaly result mapping - OpenSearch documentation

Also, can you post the start and end time of the corresponding record on dashboard?

Topic		Replies	Views
Opensearch Anomaly Detector Custom Expressions OpenSearch Dashboards anomaly-detection	7	475	April 3, 2024
Find result of anomaly detection through {{ctx.results.0}} for monitor Alerting	1	785	November 5, 2021
OpenSearch Anomaly Detection by error rate OpenSearch Dashboards anomaly-detection	0	27	February 5, 2025
How Anomaly Detection? OpenSearch discuss	0	193	November 23, 2022
Muti-variate Anomaly Detection Machine Learning anomaly-detection	4	514	January 30, 2023

What does "Feature output" mean in Anomaly Detection?

Related topics