Detecting anomalies in real-time in multiple time series data with automated thresholding

摘要

An approach is provided for detecting an anomaly in a processing environment. The approach includes using a processor to obtain a series of values collected within a processing interval of the processor in the processing environment. The processor normalizes this first series of values to obtain a first series of normalized values. A second series of normalized values is generated by applying a predictive filter to the first series of normalized values. A comparison score is generated from the normalized values by comparing the first series of normalized values and the second series of normalized values. The approach then determines whether the comparison score represents an anomaly relative to at least one other comparison score derived from values collected within the processing interval.

主权项

1. A method for detecting an anomaly in a processing environment, the method comprising:
obtaining, by a processor, a series of values collected within a processing interval of the processor of the processing environment, wherein the values comprise transactional data provided from more than one source in the processing environment; normalizing, by the processor, the series of values to obtain a first series of normalized values; generating a second series of normalized values by applying a predictive filter to the first series of normalized values, wherein each normalized value in the second series of normalized values comprises a predicted value based on a value in the first series of normalized values, predicted at a later time in the processing interval, by utilizing the predictive filter; generating a comparison score by comparing the first series of normalized values to the second series of normalized values; and determining whether the comparison score represents an anomaly relative to at least one other comparison score derived from values collected within the processing interval.