如何解决在OpenDistro项目中错误计算了异常分数
在以下情况下,错误计算了异常分数
要复制
->我正在本地运行此项目,并且在弹性搜索中部署了两个插件 ->我创建了与此处所述相同的异常检测器以进行测试和理解:https://opendistro.github.io/for-elasticsearch-docs/docs/ad/api/#create-anomaly-detector
"feature_attributes": [
{
"feature_name": "total_order","feature_enabled": true,"aggregation_query": {
"total_order": {
"sum": {
"field": "value"
}
}
}
}
]
此外,我的检测器间隔与文档中给出的间隔为1分钟
->我启动检测器,它正在运行 ->并行使用我自己的测试代码,我在弹性搜索中填充“ order”索引,该索引每3秒随机填充为1到10之间的“值”字段,当它达到100可整除时,我正在更新在“订单”索引的“值”列中显示巨大的值,以检查异常情况。
Map<String,Object> dataMap = new HashMap<String,Object>();
dataMap.put("timestamp",DATE_FORMAT.format(new Date()));
dataMap.put("value",random.nextInt(10));
if(atomicValue.get() % 100 == 0) {
dataMap.put("value",atomicValue.get());
}
这意味着该值将被填充
示例:
预期的行为 修改订单索引中“值”的总和时。期待异常分数的变化,但是异常分数未按预期计算,请找到屏幕截图
屏幕截图
- 创建探测器
- 启动检测器
-
使用我自己的测试代码填充“并行订单”索引
-
模型已创建
- PF异常检测器结果
"hits": [
{
"_index": ".opendistro-anomaly-results-history-2020.09.08-1","_type": "_doc","_id": "2REQb3QBhcHTa30MZQ4i","_version": 1,"_seq_no": 9,"_primary_term": 1,"_score": null,"_source": {
"detector_id": "MhEJb3QBhcHTa30M5g77","anomaly_score": 5.088753089094179,"execution_start_time": 1599591178599,"data_end_time": 1599591118599,"confidence": 0.8238839646482641,"data_start_time": 1599591058599,"feature_data": [
{
"feature_id": "LhEJb3QBhcHTa30M5g73","feature_name": "total_order","data": 401
}
],"execution_end_time": 1599591179553,"anomaly_grade": 0.01234567901233773
},"sort": [
1599591179553
]
},{
"_index": ".opendistro-anomaly-results-history-2020.09.08-1","_id": "wxEPb3QBhcHTa30MeQ5-","_seq_no": 8,"anomaly_score": 4.534258135489182,"execution_start_time": 1599591118600,"data_end_time": 1599591058600,"confidence": 0.8237597742294861,"data_start_time": 1599590998600,"data": 94
}
],"execution_end_time": 1599591119230,"anomaly_grade": 0
},"sort": [
1599591119230
]
},"_id": "phEOb3QBhcHTa30MjQ7J","_seq_no": 7,"anomaly_score": 4.636067976770329,"execution_start_time": 1599591058600,"data_end_time": 1599590998600,"confidence": 0.823635410425475,"data_start_time": 1599590938600,"data": 75
}
],"execution_end_time": 1599591058889,"anomaly_grade": 0.007444168734482831
},"sort": [
1599591058889
]
},我们可以看到total_order是每1分钟计算的
有人可以解释一下异常得分与字段“值” [total_order]的总和吗? 因为
当total_order = 75时,异常得分= 4.636067976770329 当total_order = 94时,异常得分= 4.534258135489182 当total_order = 401时,异常得分= 5.088753089094179
因为据我所知,异常分数未按预期计算。当字段“值”的总和急剧增加(从94到401)时,我预计异常得分会大大增加,但不是。
感谢您的帮助。
谢谢,
哈里
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。
