Product Features
...
Statistical Functions
Anomaly Detection
3 min
the anomaly detection processor uses the three sigma rule and allows you to define the number of standard deviations considered normal for a data set if the data is within the designated standard deviations of the mean, it is not considered to be anomalous anomaly detection overview anomaly detection by 3 sigma rule is a conventional heuristic used for an approximately normalized data set a rolling window of values are "observed", and their average and standard deviations are calculated you can define the number of standard deviations that would be considered "normal", hence everything beyond that would be anomalous data in case of an anomaly, the standard deviation window is expanded ever so slightly, so that it can adjust if this anomalous data becomes seasonal this calculation is done because in live data, it is sometimes not preferable for one large anomaly to drastically change the moving average and moving standard deviations with the control chart mode , this calculation can be completely bypassed, if all you need to check is whether the value is within upper/lower limit or not if control chart mode is enabled, there will be no modifications done to the moving window before calculation currently if you have very small deviations (close to 0), it is difficult to distinguish between anomalous data, so it would be better to have a larger window size for those kinds of data expected output fields timestamp, current value, moving average, moving standard deviation, upper limit, lower limit, total anomalies, and anomaly field replaces current value, if detected anomaly detection parameters true false 182false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type false unhandled content type note when creating an analytics flow with anomaly detection processor, refer the use the anomaly detection function docid\ sfje0gkzz7xasyivf14x guide for more details