[DOCS] Describe severity threshold and interval in anomaly table (elastic/x-pack-elasticsearch#2266)
* [DOCS] Describe severity threshold and interval in anomaly table
* [DOCS] Describe aggregation in anomaly table
* [DOCS] Fixed capitalization in ML getting started

Original commit: elastic/x-pack-elasticsearch@d4224c9fe8
parent e97b6dcc47
commit 8e7bd27186
|
@ -213,6 +213,12 @@ typical and actual values and the influencers that contributed to the anomaly.
|
|||
image::images/ml-gs-job2-explorer-table.jpg["Job results table"]
|
||||
|
||||
Notice that there are anomalies for both detectors, that is to say for both the
|
||||
`high_mean(response)` and the `sum(total)` metrics in this time interval. By
|
||||
`high_mean(response)` and the `sum(total)` metrics in this time interval. The
|
||||
table aggregates the anomalies to show the highest severity anomaly per detector
|
||||
and entity, which is the by, over, or partition field value that is displayed
|
||||
in the **found for** column. To view all the anomalies without any aggregation,
|
||||
set the **Interval** to `Show all`.
|
||||
|
||||
By
|
||||
investigating multiple metrics in a single job, you might see relationships
|
||||
between events in your data that would otherwise be overlooked.
|
||||
|
|
|
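Review bot: The added sentence "The table aggregates the anomalies to show the highest severity anomaly per detector and entity" does not say over what time bucket the aggregation happens, so it reads as if only one anomaly per detector and entity is shown for the whole selected range. The Single Metric Viewer text in this same change explains that the table aggregates by hour or by day; state that here as well, or refer to that explanation, so a reader understands that lower-severity anomalies in the same bucket stay hidden until **Interval** is set to `Show all`. As a style point, the new paragraph break leaves "By" alone on its own line; rewrap it together with "investigating multiple metrics in a single job".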
@ -629,10 +629,21 @@ of the viewer. For example:
|
|||
[role="screenshot"]
|
||||
image::images/ml-gs-job1-anomalies.jpg["Single Metric Viewer Anomalies for total-requests job"]
|
||||
|
||||
|
||||
For each anomaly you can see key details such as the time, the actual and
|
||||
expected ("typical") values, and their probability.
|
||||
|
||||
By default, the table contains all anomalies that have a severity of "warning"
|
||||
or higher in the selected section of the timeline. If you are only interested in
|
||||
critical anomalies, for example, you can change the severity threshold for this
|
||||
table.
|
||||
|
||||
The anomalies table also automatically calculates an interval for the data in
|
||||
the table. If the time difference between the earliest and latest records in the
|
||||
table is less than two days, the data is aggregated by hour to show the details
|
||||
of the highest severity anomaly for each detector. Otherwise, it is
|
||||
aggregated by day. You can change the interval for the table, for example, to
|
||||
show all anomalies.
|
||||
|
||||
You can see the same information in a different format by using the
|
||||
**Anomaly Explorer**:
|
||||
[role="screenshot"]
|
||||
|
|
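Review bot: The interval paragraph says the data is aggregated "to show the details of the highest severity anomaly for each detector", while the Anomaly Explorer text in this same change says "per detector and entity"; the two descriptions should use the same wording, or the difference should be explained if the tables really behave differently. The severity threshold and interval paragraphs also name neither control, whereas the other hunk uses **Interval** and `Show all`. Name the controls here as they appear in the UI so a reader can find them, and use the literal `Show all` option instead of "to show all anomalies". It would also help to say that raising the threshold hides the lower-severity anomalies from the table and does not remove them from the results.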