[ML] Use anomaly score explanation for chart tooltip multi-bucket impact #146866
Conversation
peteharverson
added
release_note:enhancement
review
:ml
Feature:Anomaly Detection
|
Pinging @elastic/ml-ui (:ml) |
| @@ -27,7 +27,7 @@ export const TimeSeriesExplorerHelpPopover = () => { | |||
| <p> | |||
| <FormattedMessage | |||
| id="xpack.ml.timeSeriesExplorer.popoverAnomalyExplanation" | |||
| defaultMessage="An anomaly score is calculated for each bucket time interval, with a value from 0 to 100. Anomalous events are highlighted in colors that indicate their severity. If an anomaly is depicted with a cross symbol instead of a dot, it has a medium or high multi-bucket impact. This extra analysis can catch anomalies even when they fall within the bounds of expected behavior." | |||
| defaultMessage="An anomaly score is calculated for each bucket time interval, with a value from 0 to 100. Anomalous events are highlighted in colors that indicate their severity. If an anomaly is depicted with a cross symbol instead of a dot, it has a moderate, significant or high multi-bucket impact. This extra analysis can catch anomalies even when they fall within the bounds of expected behavior." | |||
There was a problem hiding this comment.
Not sure if there should be another comma after 'significant' or not for clarity 🤔 To signify there are three levels of impact.
There was a problem hiding this comment.
Added the Oxford comma after consultation with @szabosteve in aecb00b
There was a problem hiding this comment.
Yeah, it might be a good idea to use the Oxford comma here, so it's easier to identify the three levels. Even if the sentence is grammatically correct without the second comma, too.
EDIT: Sorry, didn't see Pete's comment above.
| } | ||
|
|
||
| if (sb !== undefined && mb > sb) { | ||
| return (((mb - sb) * mb) / sb) * 1.7 >= 2; |
There was a problem hiding this comment.
Can we add in a comment to add some context for this formula? E.g. why are we multiplying by 1.7?
There was a problem hiding this comment.
It isn't easy coming up with a clear explanation of this calculation, but I added a comment which hopefully provides some help in aecb00b.
|
Tested and LGTM 🎉 Just left a few nit comments. |
peteharverson
force-pushed
the
ml-multi-bucket-chart-tooltip
branch
from
eb64ad6 to
0df33ad
Compare
| tooltip += '\u25A1 '; // Unicode hollow square | ||
| } | ||
|
|
||
| return tooltip; |
There was a problem hiding this comment.
there are probably 100 different ways to do this, but here's a suggestion that uses fill:
return new Array(5).fill('\u25A0 ', 0, numFilledSquares).fill('\u25A1 ', numFilledSquares).join('')There was a problem hiding this comment.
Done in 6a4a0ba
💚 Build Succeeded
Metrics [docs]Module Count
Async chunks
Page load bundle
Unknown metric groupsESLint disabled in files
ESLint disabled line counts
Total ESLint disabled count
History
To update your PR or re-run it, just comment with: |
Summary
Follow-up to #142999, using the
multi_bucket_impactfield from theanomaly_score_explanationdata to populate the multi-bucket information in the anomaly chart tooltip using the same visualization style as used in the expanded table row.The anomaly charts in the Anomaly Explorer and Single Metric Viewer, and the severity cell in the anomalies table now use a new
isMultiBucketAnomalycheck inml/common/util/anomaly_utils.tsm to determine whether to indicate the anomaly as multi-bucket with the plus-shaped symbol. Note that this will result in some changes to whether anomalies are plotted as multi-bucket anomalies. Specifically anomalies with a 'moderate' multi-bucket impact are now likely to be marked with a plus symbol where before they were not:Before:
After:
Checklist
Delete any items that are not applicable to this PR.