The project I’m currently working on has a use case for both scenarios (real-time anomaly detection and wider anomaly detection analysis done in off-hours). I think it would be beneficial to implement more ML, alongside anomaly detection for the off-hours analysis. Here is how I planned to use this feature:
Real-time use-case:
I was hoping to use real-time anomaly detection to give a heads-up to the operations team about possible indications that an outage of the system would occur so they could take appropriate actions to mitigate the risk before it actually happens.
Cluster idle time use-case 1:
A lot of business logic data is captured through app logs that my system ingests. I think it would be great if I could use the existing data to build a regression model which could predict certain business parameters - such as the number of expected transactions. If we regard a higher-than-expected number of transactions as anomalies, I think it would be beneficial to capture what other parameters contributed/hinted to the appearance of those anomalies. With that knowledge, I’d like to provide my clients with information (based on param1, param2, param3 values, we expect the number of transactions to be X in the specific time period).
I hope you find this information useful.
Thank you for taking the time to go through all of this. I’m a great fan of the work the OpenDistro team is doing and I’m excitedly waiting to hear what new features you will come up with next.