Anomaly detection threshold




Based on the docs here, say we have configured to use a 5-minute sliding window where 3-minute samples need to violate the threshold to raise an event.

What happens if the anomaly is detected only twice every 5 mins over 1 hour?

1100 - 1105 - failed 2 times
1105 - 1110 - failed 2 times
1110 - 1115 - failed 2 times

1155 - 1200 - failed 2 times


Will an alert still be created?


Will the AI baseline the service against a threshold, where even if the anomaly is detected a few times every 5 mins, once the error rate for the service crosses the threshold, an alert is generated?





The 5 minute sliding window doesn't slide in 5 minute increments. It's a five minute window that slides every minute. The window starts at the first occurrence. The answer to your question depends on where in those time blocks the condition occurs. Using the first two time blocks, if the condition occurs at 1104, the window starts and the window slides to the next minute. Then if there's a reoccurrence at 1107 (in window) and 1108 (in window), you would get an alert.


Now if the condition does not re-occur in the 1109 minute the event would resolve because the 1104 event would fall outside the five minute window.
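
The behaviour described in this answer can be replayed minute by minute. The following is an added example, not part of the original thread and not the product's own implementation: it assumes a simplified model in which a trailing 5-minute window of one-minute samples opens an event when 3 samples violate and resolves it when fewer than 3 remain. The function names and sample timestamps are constructed for illustration.

```python
from collections import deque

WINDOW_MINUTES = 5     # sliding window length, from the question
VIOLATING_SAMPLES = 3  # one-minute samples that must violate, from the question


def to_minutes(hhmm):
    """'1104' -> minutes since midnight."""
    return int(hhmm[:2]) * 60 + int(hhmm[2:])


def to_hhmm(minutes):
    """Minutes since midnight -> 'HHMM'."""
    return f"{minutes // 60:02d}{minutes % 60:02d}"


def evaluate(violations, start, end):
    """Replay one-minute samples from start to end (inclusive, 'HHMM' strings).

    Returns the list of (time, state) transitions, state 'OPEN' or 'RESOLVED'.
    Assumed model: the window advances every minute, not every 5 minutes.
    """
    violating = {to_minutes(v) for v in violations}
    window = deque(maxlen=WINDOW_MINUTES)  # oldest sample drops out each minute
    events, alerting = [], False
    for minute in range(to_minutes(start), to_minutes(end) + 1):
        window.append(minute in violating)
        breached = sum(window) >= VIOLATING_SAMPLES
        if breached != alerting:
            events.append((to_hhmm(minute), "OPEN" if breached else "RESOLVED"))
            alerting = breached
    return events


# Constructed sample inputs (not real monitoring data).
ANSWER_CASE = ["1104", "1107", "1108"]  # the timestamps used in the answer
# Two violations per 5-minute block, far apart: never 3 inside one window.
SPREAD = ["1100", "1101", "1105", "1106", "1110", "1111"]
# Two violations per block, but adjacent across the 1105 block boundary.
CLUSTERED = ["1103", "1104", "1105", "1106"]

if __name__ == "__main__":
    for name, sample in [("answer", ANSWER_CASE), ("spread", SPREAD),
                         ("clustered", CLUSTERED)]:
        print(name, evaluate(sample, "1100", "1115"))
```

The "spread" and "clustered" inputs both fail exactly twice per 5-minute block, yet only the clustered one raises an event, which is why the outcome depends on where in the blocks the violations fall.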