New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[ML] Anomaly detection rule lookback interval improvements #97370
[ML] Anomaly detection rule lookback interval improvements #97370
Conversation
This reverts commit e039f25
Pinging @elastic/ml-ui (:ml) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I left two minor suggestions.
Math.round( | ||
resolveBucketSpanInSeconds(jobsResponse.map((v) => v.analysis_config.bucket_span)) * 2 | ||
), | ||
Math.round(maxBucket * 2), |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please ignore these changes. Rule executor now utilized fetchResult
function.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
UI text LGTM! Thanks! 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
) { | ||
return datafeedsResults[0]; | ||
if (Array.isArray(datafeedsResults)) { | ||
const result = datafeedsResults.filter((d) => jobIds.includes(d.job_id)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
this line could be moved down a few lines so result
is only created just before being used.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
I am not qualified to review the details of the TypeScript code, but the high level approach looks like what was agreed. 👍
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested and LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few suggestions for the functional tests.
Also, I've noticed that the created alerts are not cleaned up after the test. Would be good to create a service method for it and add that to the after
method of the suite.
thanks for the feedback @pheyos! as we discussed, I'm going to address your comments in a follow-up PR |
…7370) * [ML] add advanced settings * [ML] default advanced settings * [ML] advanced settings validators * [ML] range control for top n buckets * [ML] execute rule with a new query for most recent anomalies * [ML] find most anomalous bucket from the top N * Revert "[ML] range control for top n buckets" This reverts commit e039f25 * [ML] validate check interval against the lookback interval * [ML] update descriptions * [ML] fix test subjects * [ML] update warning message * [ML] add functional tests * [ML] adjust unit tests, mark getLookbackInterval * [ML] update lookback interval description and warning message * [ML] update fetchResult tsDoc * [ML] cleanup * [ML] fix imports to reduce bundle size * [ML] round up lookback interval * [ML] update functional test assertion * [ML] async import for validator
💚 Backport successful
This backport PR will be merged automatically after passing CI. |
…97595) * [ML] add advanced settings * [ML] default advanced settings * [ML] advanced settings validators * [ML] range control for top n buckets * [ML] execute rule with a new query for most recent anomalies * [ML] find most anomalous bucket from the top N * Revert "[ML] range control for top n buckets" This reverts commit e039f25 * [ML] validate check interval against the lookback interval * [ML] update descriptions * [ML] fix test subjects * [ML] update warning message * [ML] add functional tests * [ML] adjust unit tests, mark getLookbackInterval * [ML] update lookback interval description and warning message * [ML] update fetchResult tsDoc * [ML] cleanup * [ML] fix imports to reduce bundle size * [ML] round up lookback interval * [ML] update functional test assertion * [ML] async import for validator Co-authored-by: Dima Arnautov <dmitrii.arnautov@elastic.co>
💛 Build succeeded, but was flaky
Test FailuresKibana Pipeline / general / X-Pack API Integration Tests.x-pack/test/api_integration/apis/lens/field_stats·ts.apis Lens index stats apis field distribution "before all" hook for "should return a 404 for missing index patterns"Standard Out
Stack Trace
Kibana Pipeline / general / X-Pack API Integration Tests.x-pack/test/api_integration/apis/lens/field_stats·ts.apis Lens index stats apis field distribution "after all" hook for "should apply filters and queries"Standard Out
Stack Trace
Kibana Pipeline / general / X-Pack API Integration Tests.x-pack/test/api_integration/apis/lens/field_stats·ts.apis Lens index stats apis "after all" hook in "index stats apis"Standard Out
Stack Trace
Metrics [docs]Module Count
Async chunks
Page load bundle
History
To update your PR or re-run it, just comment with: cc @darnautov |
…7370) * [ML] add advanced settings * [ML] default advanced settings * [ML] advanced settings validators * [ML] range control for top n buckets * [ML] execute rule with a new query for most recent anomalies * [ML] find most anomalous bucket from the top N * Revert "[ML] range control for top n buckets" This reverts commit e039f25 * [ML] validate check interval against the lookback interval * [ML] update descriptions * [ML] fix test subjects * [ML] update warning message * [ML] add functional tests * [ML] adjust unit tests, mark getLookbackInterval * [ML] update lookback interval description and warning message * [ML] update fetchResult tsDoc * [ML] cleanup * [ML] fix imports to reduce bundle size * [ML] round up lookback interval * [ML] update functional test assertion * [ML] async import for validator
Summary
Part of #96381
This PR Improves the lookback interval logic. Instead of a plain time range query for 2x bucket spans the rule executor performs the following:
max(2m, 2 * bucket_span) + query_delay + 1s
date_histogram
aggregation with a fixed interval of the bucket span length and descending ordermax
aggregation to retrieve the maximum anomaly score within each bucket of time1
by default for bucket spans bigger than 1 minute, or60/bucket_span_in_sec
for buckets smaller than 1 minute.As mentioned above, it's possible to override the lookback interval and the number of buckets params by the user in the rule flyout. The warning callout pops up in case the rule check interval is higher than the lookback interval.
Checklist