Some questions on Anomaly Detection

Hello HTM community!
My name is Paolo and I’m using nupic in order to perform anomaly detection on the KPIs of a computer(e.g. CPU usage, Wait IO, …). I watched all the videos of the Numenta school ( and read some of papers in order to understand the theory on which the algorithm is based. Then I started with the Hot Gym tutorial and I understood how to use nupic for my own purpose.
My first approuch was using the swarm algorithm to obtain the model parameters for the anomaly detection. Since my KPIs are all scalar values I switched to the function getScalarMetricWithTimeOfDayAnomalyParams. My first question is this: is my approach right? If this isn’t the best approach do you have any suggestion?
Another issue is that I have to decide which is the anomaly threshold for each kpi. I’ve read that a function for the auto detection for the anomaly threshold is available. Furthermore I noticed that in the model parameters there are these parameters:

'anomalyParams': { 'anomalyCacheRecords': None,
                                'autoDetectThreshold': None,
                                 'autoDetectWaitRecords': None}

Can someone suggest me how to set the autoDetectThreshold parameter? Is there a function in order to do that? Is this the best approach or do I have to set the threshold manually for each KPI?

Thank you in advance and forgive me for my English.


Yes, as long as you are doing scalar anomaly detection. How many streams do you want to analyze? You might try one model per scalar stream, or try combining multiple scalar streams per model.

I think you’ll find the same threshold works for them all.

I think you can ignore those.

You did well!

1 Like