I have roughly 1400 logs in my OpenSearch index. Roughly 835 are historical, and now I am continuously ingesting using Kinesis Firehose.
[Image: Rows in my index]
When I am creating a detector, I am not able to preview this data; I get the following alert:
"No sample anomaly result generated. Please check the detector interval and make sure you have >400 data points during the preview date range."
[Image: Error screenshot]
My detector interval is 3 minutes, window delay is 1 minute, and window size is 8.
My data is in the following format:
[Image: Log data]
Historical data can also be found here: Dataset
I did not get an anomaly here:
I also have a template for my index:
PUT _template/logs
{
  "index_patterns": ["logs*"],
  "settings": {
    "number_of_shards": 1,
    "number_of_replicas": 1
  },
  "mappings": {
    "properties": {
      "timestamp": {
        "type": "date",
        "format": "epoch_second"
      }
    }
  }
}
This is the first time I am working with anomaly detectors; I am not sure if this is expected or if I am missing something.
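An added example (not part of the original post and not OpenSearch code) for checking the condition named in the error message offline. It assumes a "data point" is one detector interval that contains at least one document, and it aligns intervals to the start of the range; the function names and the sample timestamps are constructed for illustration.

```python
INTERVAL_SECONDS = 3 * 60   # detector interval from the post (3 minutes)
REQUIRED_POINTS = 400       # threshold quoted in the preview error


def non_empty_intervals(epoch_seconds, start, end, interval=INTERVAL_SECONDS):
    """Count intervals in [start, end) that hold at least one document."""
    buckets = {(ts - start) // interval
               for ts in epoch_seconds if start <= ts < end}
    return len(buckets)


def preview_report(epoch_seconds, start, end, interval=INTERVAL_SECONDS):
    """Compare document count with interval count for a preview range."""
    spanned = -(-(end - start) // interval)   # ceiling division
    filled = non_empty_intervals(epoch_seconds, start, end, interval)
    return {
        "documents_in_range": sum(start <= ts < end for ts in epoch_seconds),
        "intervals_in_range": spanned,
        "intervals_with_data": filled,
        # Assumption: the preview needs more than 400 non-empty intervals.
        "enough_for_preview": filled > REQUIRED_POINTS,
    }


def constructed_sample():
    """Constructed data shaped like the post: 835 historical + 565 streamed.

    Historical documents arrive every 20 s, streamed ones every 60 s, so
    several documents share each 3-minute interval.
    """
    start = 1_700_000_000                     # arbitrary epoch_second origin
    historical = [start + i * 20 for i in range(835)]
    stream_start = start + 93 * INTERVAL_SECONDS
    streamed = [stream_start + j * 60 for j in range(565)]
    end = start + 282 * INTERVAL_SECONDS
    return historical + streamed, start, end


if __name__ == "__main__":
    timestamps, start, end = constructed_sample()
    for key, value in preview_report(timestamps, start, end).items():
        print(f"{key}: {value}")
```

With the constructed timestamps, 1400 documents fall into only 282 three-minute intervals, so the document count alone does not show whether the range holds more than 400 data points.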