Excellent article! Minor nit: stdev() only works the way you want if the data being measured follows a normal distribution over the interval (i.e. bell curve). That's generally very rare in log data. Try percentile() and use boxplot-whisker calculations for anomaly detection. (e.g. 75th + (1.5 * ( 75th - 25th ))).
Doh, I made this comment before reading the rest of your articles... While I stand by my comment, you clearly didn't need to hear it from a dumbass like me :)
Excellent article! Minor nit: stdev() only works the way you want if the data being measured follows a normal distribution over the interval (i.e. bell curve). That's generally very rare in log data. Try percentile() and use boxplot-whisker calculations for anomaly detection. (e.g. 75th + (1.5 * ( 75th - 25th ))).
Oh wow, great call out! I will have to test it out more. Thank you for sharing!
Doh, I made this comment before reading the rest of your articles... While I stand by my comment, you clearly didn't need to hear it from a dumbass like me :)