Anomaly merger rules
In ThirdEye, a detection pipeline runs at a given frequency, defined by the cron
value.
Let's consider a pipeline that runs every hour. What happens if an incident lasts 3 hours ?
The detection pipeline will detect an anomaly 3 times, but it is actually the same incident. We want a single anomaly for this.
When ThirdEye detects new anomalies, the following rules are applied:
- if a new anomaly happens less than 2 hours after a previous one, merge the anomalies
- if an anomaly lasts for more than 7 days, create a new anomaly
The merging rules are configurable in the ANOMALY_MERGER node.
Examples:
Merging anomalies
Creating a new anomaly when the maximum length is reached