= Fluent::Plugin::Anomalydetect
Use this plugin to detect anomalies in a log stream.
It lets you spot changes in your logs easily.
= Installation
Add this line to your application's Gemfile:

    gem 'fluent-plugin-anomalydetect'

And then execute:

    $ bundle

Or install it yourself as:

    $ gem install fluent-plugin-anomalydetect

== Usage
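
    # YOUR_INPUT_TAG is a placeholder for the tag of the stream to watch
    <match YOUR_INPUT_TAG.**>
      type anomalydetect
      tag anomaly.access
      tick 86400
    </match>
    <match anomaly.access>
      type file
      ...
    </match>
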
The plugin then outputs anomalies in the log count for each day.
The plugin watches the number of input records received in each interval set with `tick`.
To watch the value of a target field in the data instead, configure it as follows:

    type anomalydetect
    tag anomaly.access
    tick 86400
    target fieldname

== More configuration

    type anomalydetect
    tag anomaly.access
    tick 86400
    target fieldname
    outlier_term 7
    outlier_discount 0.5
    smooth_term 7
    score_term 28
    score_discount 0.01

For details of these parameters, see "Theory".

    type anomalydetect
    ...
    store_file /path/to/anomalydetect.dat

If the "store_file" option is specified, the historical statistics are stored to the file at shutdown and restored at startup.

    type anomalydetect
    ...
    threshold 3

If the "threshold" option is specified, the plugin only outputs when the anomaly score is more than the threshold.

    type anomalydetect
    ...
    trend up

If the "trend" option is specified, the plugin only outputs when the input data trends up (or down).
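
The following Ruby sketch is an added example, not code from the plugin: it shows how the "threshold" and "trend" options gate output over per-tick record counts. The scorer (a deviation from a discounted mean and variance), the name `gate_anomalies`, the direction test against the running mean, and the sample counts are assumptions for illustration; the plugin's own scoring is the method referenced under "Theory".

```ruby
# Added illustration, not fluent-plugin-anomalydetect code.
# Assumptions: the score is a deviation from an exponentially discounted
# mean/variance (a stand-in for the plugin's scoring), and "up"/"down" is
# judged against that running mean.

# Constructed sample: record counts per tick (one value per day).
DAILY_COUNTS = [100, 102, 98, 101, 20, 100, 100, 100, 100, 100, 300, 100].freeze

# Returns the ticks that would be emitted, with their value and score.
def gate_anomalies(counts, discount: 0.5, threshold: 3.0, trend: nil)
  mean = counts.first.to_f # seed the statistics with the first tick
  var  = 1.0               # assumed starting variance, also used as a floor
  emitted = []

  counts.each_with_index do |count, tick|
    next if tick.zero?

    delta = count - mean
    score = delta.abs / Math.sqrt(var)
    direction = delta >= 0 ? :up : :down

    # threshold: emit only when the score is more than the threshold.
    # trend: when set, emit only for movement in that direction.
    if score > threshold && (trend.nil? || trend == direction)
      emitted << { tick: tick, value: count, score: score.round(2) }
    end

    # Discounted update: older ticks fade, so a large deviation inflates
    # the variance and mutes scores for the next few ticks.
    mean += discount * delta
    var = [(1 - discount) * var + discount * delta * delta, 1.0].max
  end

  emitted
end

if __FILE__ == $PROGRAM_NAME
  gate_anomalies(DAILY_COUNTS).each { |e| puts e }
  puts gate_anomalies(DAILY_COUNTS, trend: :up).inspect
end
```

With the sample counts, the drop to 20 and the spike to 300 are both emitted when no trend is set, and only the spike remains with `trend: :up`.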
== Theory
"データマイニングによる異常検知" (Anomaly Detection by Data Mining) http://amzn.to/XHXNun
= TODO
== threshold
fluentd outputs a value when the outlier value is over the threshold
== FFT algorithms
= Copyright
Copyright:: Copyright (c) 2013- Muddy Dixon
License:: Apache License, Version 2.0