Anomaly detector suggestions
This is an experimental feature and is not recommended for use in a production environment. For updates on the progress of the feature or if you want to leave feedback, join the discussion on the OpenSearch forum.
The OpenSearch Dashboards Assistant can use a large language model (LLM) to suggest the creation of an anomaly detector. The LLM analyzes data patterns in your OpenSearch indexes and recommends configuration settings for the anomaly detector, making it easier to identify unusual activity or trends in your data.
Configuration
To configure anomaly detector suggestions, use the following steps.
Prerequisite
Before using anomaly detector suggestions, enable query enhancements in OpenSearch Dashboards as follows:
- On the top menu bar, go to Management > Dashboards Management.
- In the left navigation pane, select Advanced settings.
- On the settings page, toggle Enable query enhancements to On.
Step 1: Enable anomaly detector suggestions
To enable anomaly detector suggestions, configure the following opensearch_dashboards.yml
setting:
assistant.smartAnomalyDetector.enabled: true
copy
Step 2: Create an anomaly detector suggestion agent
To orchestrate anomaly detector suggestions, create an anomaly detector suggestion agent. To create an agent, send a POST /_plugins/_flow_framework/workflow?provision=true
request and provide the agent template as a payload. For more information, see Configuring OpenSearch Assistant.
For sample agent templates, see Flow Framework sample templates. Note the agent ID; you’ll use it in the following step.
Step 3: Configure the agent
Next, configure the anomaly detector suggestion agent created in the previous step:
POST /.plugins-ml-config/_doc/os_suggest_ad
{
"type": "suggest_anomaly_detector_agent",
"configuration": {
"agent_id": "<SUGGEST_ANOMALY_DETECTOR_AGENT_ID>"
}
}
copy
This example demonstrates a system index. In security-enabled domains, only superadmins have permissions to execute this code. For information about making superadmin calls, see System indexes. For access permissions, contact your system administrator.
Step 4: Test the agent
You can verify that the agent was created successfully by calling the agent with an example payload:
POST /_plugins/_ml/agents/<SUGGEST_ANOMALY_DETECTOR_AGENT_ID>/_execute
{
"parameters": {
"index":"sample_weblogs_test"
}
}
copy
Viewing anomaly detector suggestions in OpenSearch Dashboards
To view anomaly detector suggestions in OpenSearch Dashboards, use the following steps:
On the top menu bar, go to OpenSearch Dashboards > Discover.
From the index pattern dropdown list, select an index pattern.
Select the AI assistant dropdown list and then select Suggest anomaly detector, as shown in the following image.
Wait for the LLM to populate the Suggest anomaly detector fields that will be used to create an anomaly detector for the index pattern. Then select the Create detector button to create an anomaly detector, as shown in the following image.