Hello Matt,
if there are there some limits for model, how can I know if I'm pushing
too much into model, is there some further materials about this topic?
Also when you have multiple models then how you can combine them to
something useful? Correct me if I'm wrong but I guess that this was
discussed by Scott Purdy in Science of anomaly detection video. He've
explained that grok uses multiple models for memory, cpu, io etc. which
are separated (model for io does not sees cpu data and vice versa).
Basically when you want detect something unusual then you're searching
for anomalies from those separated models and check if they are
reporting anomaly at the same time. Am I wrong?
Thank you very much
On 02/12/2016 05:53 PM, Matthew Taylor wrote:
Daniel,
The first thing that strikes me about your description is that you're
only creating one model for all the data. Is there a way to split the
data up, perhaps by URL? If there are too many URLs to create models for
each one, try to identify another way to logically sort this input data
into categories with patterns that a human could understand and analyze.
I think the main problem is that you're pushing too much data into one
model. If you can figure out a way to split it into multiple models
you'll probably be more successful.
Let me know what you think.
Regards,
---------
Matt Taylor
OS Community Flag-Bearer
Numenta
