Error when defining monitor using anomaly detector #28

WassimDhib · 2020-01-13T12:14:46Z

Hi,

I created 2 anomaly detectors with the API : POST _opendistro/_anomaly_detection/detectors

This works (kibana data sample)

{
    "name":"datasample-detector",
    "description":"test detector",
    "time_field":"order_date",
    "indices":[
        "kibana_sample_data_ecommerce"
    ],
    "feature_attributes":[
        {
            "feature_name":"products_price",
            "feature_enabled":true,
            "aggregation_query":{
                "value_sum":{
                    "sum":{
                        "field":"products.price"
                    }
                }
            }
        }
    ],
    "filter_query":{
        "bool":{
            "filter":[
                {
                    "exists":{
                        "field":"products.price",
                        "boost":1
                    }
                }
            ],
            "adjust_pure_negative":true,
            "boost":1
        }
    },
    "detection_interval":{
        "period":{
            "interval":1,
            "unit":"Minutes"
        }
    }
}

This doesn't work (elastic apm data), Kibana fails with this error:

Request URL:https://xxx/api/alerting/detectors/KMeKnm8BZ8Z8yBcKP6q-/results?endTime=1578917414813&preview=true&startTime=1578485414813
{"ok":false,"error":"Cannot read property 'length' of undefined"}

{
    "name":"apm-detector",
    "description":"test detector",
    "time_field":"@timestamp",
    "indices":[
        "apm-*"
    ],
    "feature_attributes":[
        {
            "feature_name":"transaction_duration_us",
            "feature_enabled":true,
            "aggregation_query":{
                "value_sum":{
                    "sum":{
                        "field":"transaction.duration.us"
                    }
                }
            }
        }
    ],
    "filter_query":{
        "bool":{
            "filter":[
                {
                    "exists":{
                        "field":"transaction.duration.us",
                        "boost":1
                    }
                }
            ],
            "adjust_pure_negative":true,
            "boost":1
        }
    },
    "detection_interval":{
        "period":{
            "interval":1,
            "unit":"Minutes"
        }
    }
}

The text was updated successfully, but these errors were encountered:

WassimDhib · 2020-01-13T23:18:11Z

I add error log from elasticsearch plugin

[2020-01-13T23:16:34,756][ERROR][c.a.o.a.r.RestExecuteAnomalyDetectorAction] [node-1] Unexpected error running anomaly detector DWzioG8BVeGzHFZ6yTfn
java.lang.NegativeArraySizeException: -11
        at com.amazon.opendistroforelasticsearch.ad.dataprocessor.LinearUniformInterpolator.interpolate(LinearUniformInterpolator.java:55) ~[?:?]
        at com.amazon.opendistroforelasticsearch.ad.feature.FeatureManager.getPreviewRanges(FeatureManager.java:359) ~[?:?]
        at com.amazon.opendistroforelasticsearch.ad.feature.FeatureManager.lambda$getPreviewFeatures$14(FeatureManager.java:277) ~[?:?]
        at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:62) [elasticsearch-7.2.1.jar:7.2.1]
        at com.amazon.opendistroforelasticsearch.ad.feature.FeatureManager.lambda$getSamplesForRanges$19(FeatureManager.java:342) [opendistro-anomaly-detection-1.2.1.0-alpha.jar:1.2.1.0-alpha]
        at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:62) [elasticsearch-7.2.1.jar:7.2.1]
        at com.amazon.opendistroforelasticsearch.ad.feature.SearchFeatureDao.lambda$getFeatureSamplesForPeriods$24(SearchFeatureDao.java:196) [opendistro-anomaly-detection-1.2.1.0-alpha.jar:1.2.1.0-alpha]
        at org.elasticsearch.action.ActionListener$1.onResponse(ActionListener.java:62) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.support.TransportAction$1.onResponse(TransportAction.java:68) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.support.TransportAction$1.onResponse(TransportAction.java:64) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.search.TransportMultiSearchAction$1.finish(TransportMultiSearchAction.java:177) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.search.TransportMultiSearchAction$1.handleResponse(TransportMultiSearchAction.java:163) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.search.TransportMultiSearchAction$1.onResponse(TransportMultiSearchAction.java:151) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.search.TransportMultiSearchAction$1.onResponse(TransportMultiSearchAction.java:148) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.support.TransportAction$1.onResponse(TransportAction.java:68) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.support.TransportAction$1.onResponse(TransportAction.java:64) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.search.AbstractSearchAsyncAction.onResponse(AbstractSearchAsyncAction.java:316) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.search.AbstractSearchAsyncAction.onResponse(AbstractSearchAsyncAction.java:51) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.search.FetchSearchPhase$3.run(FetchSearchPhase.java:213) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.search.AbstractSearchAsyncAction.executePhase(AbstractSearchAsyncAction.java:166) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.search.AbstractSearchAsyncAction.executeNextPhase(AbstractSearchAsyncAction.java:159) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.search.ExpandSearchPhase.run(ExpandSearchPhase.java:120) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.search.AbstractSearchAsyncAction.executePhase(AbstractSearchAsyncAction.java:166) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.search.AbstractSearchAsyncAction.executeNextPhase(AbstractSearchAsyncAction.java:159) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.search.FetchSearchPhase.moveToNextPhase(FetchSearchPhase.java:206) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.search.FetchSearchPhase.lambda$innerRun$2(FetchSearchPhase.java:104) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.search.FetchSearchPhase.innerRun(FetchSearchPhase.java:118) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.search.FetchSearchPhase.access$000(FetchSearchPhase.java:44) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.action.search.FetchSearchPhase$1.doRun(FetchSearchPhase.java:86) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.common.util.concurrent.TimedRunnable.doRun(TimedRunnable.java:44) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.common.util.concurrent.ThreadContext$ContextPreservingAbstractRunnable.doRun(ThreadContext.java:758) [elasticsearch-7.2.1.jar:7.2.1]
        at org.elasticsearch.common.util.concurrent.AbstractRunnable.run(AbstractRunnable.java:37) [elasticsearch-7.2.1.jar:7.2.1]
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1128) [?:?]
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:628) [?:?]
        at java.lang.Thread.run(Thread.java:835) [?:?]

wnbts · 2020-01-13T23:34:16Z

That error indicates there is no data from the specified index. Can you confirm?

Kibana has a known issue of blocking alert creation when there is no data in the index. Until that issue is fixed, the workaround is to add enough data to the index.

WassimDhib · 2020-01-14T11:04:15Z

I have data in the apm indices (many thousands of documents)

GET /_cat/indices 
yellow open apm-7.2.1-span-2020.01.13                       4byhx3H6R_ihXT7xoOoC3g 1 1 220748 0  57.7mb  57.7mb
yellow open apm-7.2.1-metric-2020.01.13                     PIpzQVcTTAC1CM_pBgq-0Q 1 1   3686 0 408.6kb 408.6kb
yellow open apm-7.2.1-transaction-2020.01.13                MakQ6T3VRLqsbMn_tI1Kjw 1 1  82161 0  34.3mb  34.3mb
yellow open apm-7.2.1-onboarding-2020.01.13                 2i3OlAyQQjGNX5SlJFZ-JA 1 1      1 0   6.4kb   6.4kb

wnbts · 2020-01-14T18:05:17Z

I don't have the proprietary apm data. But from the picture, it looks like there is only five minutes of data. And how many remains after the filtering? Kibana should not block monitor creation on preview results. That is an issue to fix. For now, the workaround is to have enough data in the index. A day of data should suffice.

WassimDhib · 2020-01-14T20:33:16Z

yes it works with more data!

wnbts mentioned this issue Jan 14, 2020

return no data error message to preview #29

Merged

WassimDhib closed this as completed Jan 14, 2020

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Error when defining monitor using anomaly detector #28

Error when defining monitor using anomaly detector #28

WassimDhib commented Jan 13, 2020

WassimDhib commented Jan 13, 2020

wnbts commented Jan 13, 2020 •

edited

Loading

WassimDhib commented Jan 14, 2020

wnbts commented Jan 14, 2020

WassimDhib commented Jan 14, 2020

Error when defining monitor using anomaly detector #28

Error when defining monitor using anomaly detector #28

Comments

WassimDhib commented Jan 13, 2020

WassimDhib commented Jan 13, 2020

wnbts commented Jan 13, 2020 • edited Loading

WassimDhib commented Jan 14, 2020

wnbts commented Jan 14, 2020

WassimDhib commented Jan 14, 2020

wnbts commented Jan 13, 2020 •

edited

Loading