iSharkFly-Docs
/
opensearch-docs-cn
mirror of https://github.com/iSharkFly-Docs/opensearch-docs-cn
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

custom json model for anomaly detector (#1091) 

* custom json model for anomaly detector #910

Signed-off-by: alicejw <alicejw@amazon.com>

* for additional steps

Signed-off-by: alicejw <alicejw@amazon.com>

* for UI element reformat to bold per style guide

Signed-off-by: alicejw <alicejw@amazon.com>

Signed-off-by: alicejw <alicejw@amazon.com>
This commit is contained in:
Alice Williams 2022-09-06 13:48:06 -07:00 committed by GitHub
parent aec7de7d97
commit df51655e4b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 13 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
_monitoring-plugins/ad/index.md
View File

@ -75,9 +75,20 @@ For example, if you choose `min()`, the detector focuses on finding anomalies ba
A multi-feature model correlates anomalies across all its features. The [curse of dimensionality](https://en.wikipedia.org/wiki/Curse_of_dimensionality) makes it less likely for multi-feature models to identify smaller anomalies as compared to a single-feature model. Adding more features might negatively impact the [precision and recall](https://en.wikipedia.org/wiki/Precision_and_recall) of a model. A higher proportion of noise in your data might further amplify this negative impact. Selecting the optimal feature set is usually an iterative process. By default, the maximum number of features for a detector is 5. You can adjust this limit with the `plugins.anomaly_detection.max_anomaly_features` setting.
{: .note }
To configure an anomaly detection model based on an aggregation method, follow these steps:
1. On the **Configure Model** page, enter the **Feature name** and check **Enable feature**.
1. For **Find anomalies based on**, choose the method to find anomalies. For **Field Value**, choose the **aggregation method**. Or choose **Custom expression**, and add your own JSON aggregation query.
1. Select a field.
1. For **Find anomalies based on**, select **Field Value**.
1. For **aggregation method**, select either **average()**, **count()**, **sum()**, **min()**, or **max()**.
1. For **Field**, select from the available options.
To configure an anomaly detection model based on a JSON aggregation query, follow these steps:
1. On the **Configure Model** page, enter the **Feature name** and check **Enable feature**.
1. For **Find anomalies based on**, select **Custom expression**. You will see the JSON editor window open up.
1. Enter your JSON aggregation query in the editor.
For acceptable JSON query syntax, see [OpenSearch Query DSL]({{site.url}}{{site.baseurl}}/opensearch/query-dsl/index/)
{: .note }
#### (Optional) Set category fields for high cardinality