The anomaly detector examines the time-based data in the log records within the specified time interval, applies the defined queries and filters, and reports an anomaly when the result crosses the configured threshold. Actions can be added to run when an anomaly is detected.

Anomaly detection, in its simplest sense, is a technique for finding unexpected situations or patterns in data: situations or patterns that do not conform to the data's expected behavior. In the literature these unexpected situations are called outliers, exceptions or anomalies.

Let's say you spend about 200-300 TL on your credit card every month. In other words, in your bank's profile you are a customer who makes low-budget purchases every month. So what happens if you make a purchase of 1500 TL one day?

This indicates that you have departed from your normal behavior: a customer who normally spends at most 200-300 TL has suddenly spent 1500 TL. This is anomalous behavior. If your bank uses anomaly detection techniques, it will flag the purchase as possible credit card fraud and send you a message. This simple case is an example of anomaly detection.

The picture below shows the Anomaly Detector by Query settings:

See for queries.

See for filters.

The fields used to configure the Anomaly Detector by Query are described in the table below.

Field: Description

Name: The name of the created detector.

Description: A description can be written to make the created detector easier to manage.

Environment: The environment selected for the created detector.

Query: The query created or selected to analyze the log records. A new query can be created and/or an existing query can be selected.

Filter: The filter added to the created/selected query. A new filter can be created and/or an existing filter can be selected.

Threshold: The threshold percentage is the sum of the query's total result count and the filter's total result count, divided by the filter's total result count.

Action: Determines how the result is delivered to the user when the created monitor runs:

  • E-mail
  • Oracle
  • DB2
  • SQL Server
  • Webhook
  • Postgres
  • MySQL
  • API Call

Schedule: Determines how often the created monitor runs, via the Job Scheduler.

Retention: Select the retention period of the log records:

  • 1 day
  • 5 days
  • 10 days
The picture below shows the Anomaly Detector by Query result list:

The operation records and results of the monitor can be viewed in detail on this page.