Let's use the "calculate" action to create a dynamic threshold value for our "conditional block" action.

  • Capture the Kibana Discover's hits count integer value of the last hour
  • Capture the same, but for the last 24 hours
  • Use the "calculate" action to obtain the hourly mean hit count over the past 24h
  • Use the "conditional block" action to compare the last hour reading to the 24h mean
  • If the difference is less than 20%, don't send the alert

This example is included by default in the job templates of any new installation of Anaphora.