How to use AnomalyDetection_ChangePoint Anomaly detection?

Novin George Thomas 0

Hi , I look to find the anomaly detection using AnomalyDetection_ChangePoint two parameters using Tumbling window grouping(since its a non stable value input), but I have doubt regarding the set point, is it possible to give a set point or threshold kind of value using this Anomaly function, please find my current sql query below, I need help to write anomaly detection for both 'v_dist' and 'v_freq',. I understood the spike and dips function but unclear here in this Anomaly function

WITH s1 AS (
SELECT
    PublishTimestamp AS DeviceTimestamp,
    GetArrayElement(GetArrayElement(Content, 0).Data, 0) AS DataRecords
FROM [iciiothub-1]
)
SELECT s1.DeviceTimestamp,
       s1.DataRecords,
       ValueRecords.ArrayValue.DisplayName,
       ValueRecords.ArrayValue.Address,
       ValueRecords.ArrayValue.Value      
INTO
[accelerometerAnomaly-1]
FROM s1
CROSS APPLY GetArrayElements(DataRecords.[Values]) AS ValueRecords
 
WHERE
    ValueRecords.ArrayValue.DisplayName IN ('v_dist','v_freq')

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Novin George Thomas 0

Hi @KranthiPakala-MSFT I'm Getting error : Analytic functions can not be used in JOIN ON and GROUP BY expressions. When used in SELECT of a GROUP BY query they can only appear in the argument to an aggregate function such as in SUM(LAG(x) OVER(LIMIT DURATION(ss, 5)). Encountered 'AnomalyDetection_ChangePoint ( ValueRecords . ArrayValue . Value , 95 , 3 )'. Actually the input is from IoTedge modbus module please find below, the Values is in array, and I came to know that if we are using GetArrayElement Tumbling window cannot be used, I' not sure about it Input JSON sample:

[
{
    "PublishTimestamp": "2024-01-10 15:52:57",
    "Content": [
      {
        "HwId": "PowerMeter-0a:01:01:01:01:01",
        "Data": [
          {
            "CorrelationId": "MessageType1",
            "SourceTimestamp": "2024-01-10 15:14:54",
            "Values": [
              {
                "DisplayName": "KWH",
                "Address": "400001",
                "Value": "354"
              },
              {
                "DisplayName": "v_freq",
                "Address": "400009",
                "Value": "2839"
              },
              {
                "DisplayName": "v_dist",
                "Address": "400008",
                "Value": "45"
              }
            ]
          },
          {
            "CorrelationId": "MessageType1",
            "SourceTimestamp": "2024-01-10 15:14:55",
            "Values": [
              {
                "DisplayName": "Active_Power_Total",
                "Address": "400006",
                "Value": "116"
              },
              {
                "DisplayName": "VYB",
                "Address": "400003",
                "Value": "228"
              },
              {
                "DisplayName": "VBR",
                "Address": "400005",
                "Value": "224"
              },
              {
                "DisplayName": "Frequency",
                "Address": "400007",
                "Value": "137"
              },
              {
                "DisplayName": "VRY",
                "Address": "400004",
                "Value": "222"
              },
              {
                "DisplayName": "KVAH",
                "Address": "400002",
                "Value": "410"
              },
              {
                "DisplayName": "KWH",
                "Address": "400001",
                "Value": "371"
              },
              {
                "DisplayName": "v_freq",
                "Address": "400009",
                "Value": "1091"
              },
              {
                "DisplayName": "v_dist",
                "Address": "400008",
                "Value": "24"
              }
            ]
          }
        ]
      }
    ],
    "EventProcessedUtcTime": "2024-01-10T16:34:00.6908086Z",
    "PartitionId": 0,
    "EventEnqueuedUtcTime": "2024-01-10T15:53:02.1310000Z",
    "IoTHub": {
      "MessageId": null,
      "CorrelationId": null,
      "ConnectionDeviceId": "edgevm1",
      "ConnectionDeviceGenerationId": "638400574809585722",
      "EnqueuedTime": "2024-01-10T15:53:01.7730000Z"
    }
  }
]

1 answer

Sander van de Velde 28,386 MVP

Hello @Novin George Thomas,

welcome to this moderated Azure community forum.

Azure Stream Analytics support single point anomaly detection. The difference with a tipping point alert is that it tries to figure out if there is an anomaly based on:

the type of anomaly (spike, dip, etc.)
the value to check
the number of (past) messages to compare
the expected duration these message arrive
the confidence needed

With the query seen above, you first need to provide a stream having the values you want to check.

For each value, write an extra select having the anomaly detection.

Lastly, based on the outcome of the anomaly detection outcome, you can construct a message to output.

Check out this blog post with examples based on dip and spike anomaly detection. This also applies to ChangePoint anomaly detection.

If the response helped, do "Accept Answer". If it doesn't work, please let us know the progress. All community members with similar issues will benefit by doing so. Your contribution is highly appreciated.

Novin George Thomas 0 Reputation points

2024-01-18T18:21:39.66+00:00

Hi @Sander van de Velde , Thank you for the information, here the output is from and industrial accelerometer which will have two parameters 'v_dist' and 'v_freq', In real-time the values will fluctuating within a small range. So from the documentation, I understood that for non-uniform input we need to do Tumbling window and average it, Upto this point I;m clear about it, after doing the tumbling window aggregation how we can define a set point or threshold to define if its exceeds this point its an Anomaly, In the above example where Kranthi has share while I ran the query I'm getting error and also got know what GetArrayElements wont work with Tumbling window, I'm not sure about it too
Sander van de Velde 28,386 Reputation points MVP

2024-01-18T22:25:37.0866667+00:00

Hello @Novin George Thomas , can you break down the query in steps? First you select the two parameters from the incoming messages, then you use windowing on those outcomes, select the anomaly detection on the windowed information and then select the aomaly outcome?

Novin George Thomas 0

Hi @Sander van de Velde , my Input JSON sample as follows

[
  {
    "PublishTimestamp": "2024-01-19 07:04:35",
    "Content": [
      {
        "HwId": "PowerMeter-0a:01:01:01:01:01",
        "Data": [
          {
            "CorrelationId": "MessageType1",
            "SourceTimestamp": "2024-01-19 07:04:33",
            "Values": [
              {
                "DisplayName": "KVAH",
                "Address": "400002",
                "Value": "554"
              }
            ]
          },
          {
            "CorrelationId": "MessageType1",
            "SourceTimestamp": "2024-01-19 07:04:34",
            "Values": [
              {
                "DisplayName": "VYB",
                "Address": "400003",
                "Value": "220"
              }
            ]
          },
          {
            "CorrelationId": "MessageType1",
            "SourceTimestamp": "2024-01-19 07:04:35",
            "Values": [
              {
                "DisplayName": "VRY",
                "Address": "400004",
                "Value": "223"
              }
            ]
          }
        ]
      }
    ],
    "EventProcessedUtcTime": "2024-01-19T07:08:29.3980244Z",
    "PartitionId": 0,
    "EventEnqueuedUtcTime": "2024-01-19T07:04:36.9530000Z",
    "IoTHub": {
      "MessageId": null,
      "CorrelationId": null,
      "ConnectionDeviceId": "edgevm1",
      "ConnectionDeviceGenerationId": "638400574809585722",
      "EnqueuedTime": "2024-01-19T07:04:36.3280000Z"
    }
  },
  {
    "PublishTimestamp": "2024-01-19 07:04:37",
    "Content": [
      {
        "HwId": "PowerMeter-0a:01:01:01:01:01",
        "Data": [
          {
            "CorrelationId": "MessageType1",
            "SourceTimestamp": "2024-01-19 07:04:35",
            "Values": [
              {
                "DisplayName": "VBR",
                "Address": "400005",
                "Value": "222"
              },
              {
                "DisplayName": "Active_Power_Total",
                "Address": "400006",
                "Value": "120"
              },
              {
                "DisplayName": "v_freq",
                "Address": "400009",
                "Value": "2486"
              },
              {
                "DisplayName": "Frequency",
                "Address": "400007",
                "Value": "135"
              },
              {
                "DisplayName": "v_dist",
                "Address": "400008",
                "Value": "46"
              },
              {
                "DisplayName": "KWH",
                "Address": "400001",
                "Value": "393"
              },
              {
                "DisplayName": "KVAH",
                "Address": "400002",
                "Value": "557"
              }
            ]
          },
          {
            "CorrelationId": "MessageType1",
            "SourceTimestamp": "2024-01-19 07:04:36",
            "Values": [
              {
                "DisplayName": "VYB",
                "Address": "400003",
                "Value": "226"
              }
            ]
          },
          {
            "CorrelationId": "MessageType1",
            "SourceTimestamp": "2024-01-19 07:04:37",
            "Values": [
              {
                "DisplayName": "VRY",
                "Address": "400004",
                "Value": "218"
              },
              {
                "DisplayName": "VBR",
                "Address": "400005",
                "Value": "231"
              },
              {
                "DisplayName": "Active_Power_Total",
                "Address": "400006",
                "Value": "118"
              }
            ]
          }
        ]
      }
    ],
    "EventProcessedUtcTime": "2024-01-19T07:08:29.3980244Z",
    "PartitionId": 0,
    "EventEnqueuedUtcTime": "2024-01-19T07:04:38.0780000Z",
    "IoTHub": {
      "MessageId": null,
      "CorrelationId": null,
      "ConnectionDeviceId": "edgevm1",
      "ConnectionDeviceGenerationId": "638400574809585722",
      "EnqueuedTime": "2024-01-19T07:04:37.9690000Z"
    }
  }
]

and my requirement is to select only 'v_dist' and 'v_freq' and find the Anomalies using Changepoint. I have successfully written the query up to Tumbling window aggregation beyond that I'm not able to move forward always getting invalid error Please find my quer below:

WITH s1 AS (
    SELECT
        System.Timestamp AS DeviceTimestamp,
        GetArrayElement(GetArrayElement(Content, 0).Data, 0) AS DataRecords
    FROM [iciiothub-1]
)
SELECT
    System.Timestamp AS WindowEnd,
    ValueRecords.ArrayValue.DisplayName,
    AVG(CAST(ValueRecords.ArrayValue.Value AS BIGINT)) AS AvgValue
INTO
    [accelerometerAnomaly-1]
FROM s1
CROSS APPLY GetArrayElements(DataRecords.[Values]) AS ValueRecords
WHERE
    ValueRecords.ArrayValue.DisplayName IN ('v_dist', 'v_freq')
GROUP BY
    TUMBLINGWINDOW(second, 30),
    ValueRecords.ArrayValue.DisplayName;