以下场景的异常分数计算错误,
繁殖
->我在本地运行这个项目,这两个插件部署在elastic search中->我创建了相同的异常检测器,如下所述用于测试和理解:https://opendistro.github.io/for-elasticsearch-docs/docs/ad/api/#create-异常探测器
"feature_attributes": [
{
"feature_name": "total_order",
"feature_enabled": true,
"aggregation_query": {
"total_order": {
"sum": {
"field": "value"
}
}
}
}
]另外,我的探测器间隔为1分钟,与文档中给出的相同
->我启动检测器,它正在运行->并行使用我自己的测试代码,我在ElasticSearch中填充“order”索引,每隔3秒填充一个1到10之间的“value”字段,当它达到100可除时,我更新“order”索引中“value”列中的巨大值以检查异常。
Map<String, Object> dataMap = new HashMap<String, Object>();
dataMap.put("timestamp", DATE_FORMAT.format(new Date()));
dataMap.put("value", random.nextInt(10));
if(atomicValue.get() % 100 == 0) {
dataMap.put("value", atomicValue.get());
}这意味着值将填充为
例子:
但当值增加时,异常得分不增加,请查看下面的输出
修改订单索引中“value”的和时的预期行为。期望异常分数发生变化,但异常分数未按预期计算,请查看屏幕截图
截屏
创建探测器
启动探测器
并行顺序索引是使用我自己的测试代码填充的
模型已创建
异常检测结果
"hits": [
{
"_index": ".opendistro-anomaly-results-history-2020.09.08-1",
"_type": "_doc",
"_id": "2REQb3QBhcHTa30MZQ4i",
"_version": 1,
"_seq_no": 9,
"_primary_term": 1,
"_score": null,
"_source": {
"detector_id": "MhEJb3QBhcHTa30M5g77",
"anomaly_score": 5.088753089094179,
"execution_start_time": 1599591178599,
"data_end_time": 1599591118599,
"confidence": 0.8238839646482641,
"data_start_time": 1599591058599,
"feature_data": [
{
"feature_id": "LhEJb3QBhcHTa30M5g73",
"feature_name": "total_order",
"data": 401
}
],
"execution_end_time": 1599591179553,
"anomaly_grade": 0.01234567901233773
},
"sort": [
1599591179553
]
},
{
"_index": ".opendistro-anomaly-results-history-2020.09.08-1",
"_type": "_doc",
"_id": "wxEPb3QBhcHTa30MeQ5-",
"_version": 1,
"_seq_no": 8,
"_primary_term": 1,
"_score": null,
"_source": {
"detector_id": "MhEJb3QBhcHTa30M5g77",
"anomaly_score": 4.534258135489182,
"execution_start_time": 1599591118600,
"data_end_time": 1599591058600,
"confidence": 0.8237597742294861,
"data_start_time": 1599590998600,
"feature_data": [
{
"feature_id": "LhEJb3QBhcHTa30M5g73",
"feature_name": "total_order",
"data": 94
}
],
"execution_end_time": 1599591119230,
"anomaly_grade": 0
},
"sort": [
1599591119230
]
},
{
"_index": ".opendistro-anomaly-results-history-2020.09.08-1",
"_type": "_doc",
"_id": "phEOb3QBhcHTa30MjQ7J",
"_version": 1,
"_seq_no": 7,
"_primary_term": 1,
"_score": null,
"_source": {
"detector_id": "MhEJb3QBhcHTa30M5g77",
"anomaly_score": 4.636067976770329,
"execution_start_time": 1599591058600,
"data_end_time": 1599590998600,
"confidence": 0.823635410425475,
"data_start_time": 1599590938600,
"feature_data": [
{
"feature_id": "LhEJb3QBhcHTa30M5g73",
"feature_name": "total_order",
"data": 75
}
],
"execution_end_time": 1599591058889,
"anomaly_grade": 0.007444168734482831
},
"sort": [
1599591058889
]
},我们可以看到总订单是每一分钟计算一次的,
有人能解释一下,与“值”[总订单]字段的总和相比,异常分数是多少吗?因为
当总订单=75时,异常得分=4.636067976770329当总订单=94时,异常得分=4.534258135489182当总订单=401时,异常得分=5.088753089094179
因为据我所知,异常分数没有按预期计算。当“值”字段的总和急剧增加(94到401)时,我预计异常值会大幅增加,但事实并非如此。
感谢您的帮助。
谢谢,
骚扰
暂无答案!
目前还没有任何答案,快来回答吧!