Weekly Report - 10/10/14




Spent the first couple of days rewriting/restructuring the eventing script since it was a real abomination of a script (atleast the functions had been well documented/named so it was not too painful). Also rewrote the probabilities script so that each time series subtype (e.g. AMP ICMP/rrd Smokeping) would be a separate module and have its own sets of probabilities. This also makes it easier to add new modules later on. Using the AMP-specific probabilties, I re-ran anomalyts using the original series used for the ground truth and got a list of event groups and their significance ratings. Then, I attempted to match the output produced by the eventing script (i.e. event groups and their significance probability) and the original manually classified ground truth. In theory, most of the detectors' behaviour should have been very similar to those found from the ground truth since they are using the exact same latency values, but for some reason there were missing/additional events. This was expected behaviour for the Changepoint/HMM Detectors, but there were some differences with detectors that relied on the Plateau algorithm (Plateau, TEntropy-Stddev, and TEntropy-Meandiff detectors). Spent the remainder of the week comparing events from the two sources and flagging those that needed to be investigated.