Hi Dojo,
I'm following the relational anomaly detection tutorial located here, but the light bulb in the alarm console is not showing any related event after simulating the degradations.
We are using Cassandra/OpenSearch DB, DMA is running in 10.5.11.0-16433 and Relational anomaly detection is enabled in analytics config.
Any idea?
Thanks in advance!
Hi Manuel,
Thanks a lot for your post and for bringing this to our attention! I've set up a system and followed the tutorial to figure out what went wrong. To explain the issue, let me give you some background.
In step 4 of the tutorial, we create a RAD Group in the RAD Manager by specifying the parameters and a name for the group. We don't touch any of the advanced settings there, namely:
- The Anomaly Threshold: this indicates how sensitive the algorithm is. A low threshold is easily breached, meaning our algorithm will very easily label something as anomalous or problematic. A high threshold makes the detection more robust.
- The Anomaly Duration: this is similar to alarm template hysteresis. If you set it to 15 minutes, for example, then you only send an alarm if the anomalous behavior lasts for at least 15 minutes.
Now, to get to the problem. After evaluation of various use cases, our team decided to update the default values of those parameters as follows:
- Anomaly threshold: default value 3 was updated to value 6
- Anomaly Duration: default value 5 was updated to value 15
The anomaly of step 4 will no longer be detected with these new default values as they increase the hysteresis and make the detection less sensitive. To see the detection, you could set the Anomaly Threshold back to 3 and the Anomaly Duration to 5 when creating your group.
I'll update the tutorial today and once technical writing approves it, we will publish it online. I will let you know as soon as it appears!
Thanks a lot for bringing this to our attention! Sorry this one fell through the cracks!
Dennis
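The interaction of the two settings described in the answer above, as an added example that is not part of the original thread and is not DataMiner's RAD implementation. It assumes one anomaly score per minute, a breach when the score is strictly above the threshold, and a duration counted in minutes; the score series is constructed.

```python
def detect_anomalies(scores, threshold, duration):
    """Return (start, end) minute ranges (end exclusive) where the score
    stays above `threshold` for at least `duration` consecutive minutes.
    Hypothetical model of threshold + hysteresis, not RAD's algorithm."""
    events = []
    run_start = None
    for minute, score in enumerate(scores):
        if score > threshold:
            if run_start is None:
                run_start = minute          # breach begins
        else:
            # Breach ended: report it only if it lasted long enough.
            if run_start is not None and minute - run_start >= duration:
                events.append((run_start, minute))
            run_start = None
    # Handle a breach that is still ongoing at the end of the series.
    if run_start is not None and len(scores) - run_start >= duration:
        events.append((run_start, len(scores)))
    return events


# Constructed sample, one score per minute:
# 20 min normal, 8 min mild degradation, 10 min normal,
# 20 min severe degradation, 5 min normal.
SCORES = [1.0] * 20 + [4.5] * 8 + [1.0] * 10 + [8.0] * 20 + [1.0] * 5

OLD_DEFAULTS = {"threshold": 3, "duration": 5}    # values the tutorial was written for
NEW_DEFAULTS = {"threshold": 6, "duration": 15}   # updated defaults from the answer


def compare():
    """Run the same series through both sets of defaults."""
    return {
        "old": detect_anomalies(SCORES, **OLD_DEFAULTS),
        "new": detect_anomalies(SCORES, **NEW_DEFAULTS),
    }


if __name__ == "__main__":
    for name, events in compare().items():
        print(f"{name} defaults -> {events}")
```

The short, mild degradation is reported only with the old defaults, which matches the situation in the question: a brief simulated degradation produces no event until the group is created with threshold 3 and duration 5.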