Skip to main content
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Be one of the first to start using Fabric Databases. View on-demand sessions with database experts and the Microsoft product team to learn just how easy it is to get started. Watch now

Reply
DennesTorres
Impactful Individual
Impactful Individual

Anomaly Detection

‎10-03-2023 03:00 AM

Hi,

The walkthrough for real-time analysis in Fabric has the query below as an example of anomaly detection in taxi driver tips in New York:

nyctaxitrips

| lookup (Locations) on $left.PULocationID==$right.LocationID

| where Borough == "Manhattan"

| make-series s1 = avg(tip_amount) on tpep_pickup_datetime from datetime(2022-06-01) to datetime(2022-06-04) step 1h

| extend anomalies = series_decompose_anomalies(s1)

| render anomalychart with (anomalycolumns=anomalies)

 

What bothers me is that the detection is made over an average, so we are not really detecting the anomaly, we are detecting the hour inside which the anomaly happened.

 

The make-series only work with an aggregation function. Is it possible to use series_decompose_anomalies to detect individual anomaly values, instead of aggregated anomaly values? How could we use the make series without aggregation?

The example contained in the description page of the function series_decompose_anomalies is about web traffic and makes complete sense, because there is no anomaly on an individual value, it only exists on an aggregation. But for taxi driver tips, there is one anomaly and we can't find it aggregating.

Of course I could use separate queries over the hours pointed as anomaly to discover which is the anomaly value, but I was willing to find a solution to see the anomalies in a chart with a query.

Am I wrong? Is my concept wrong?

 

Kind Regards,

 

Dennes

Message 1 of 4
1,219 Views
0
3 REPLIES 3
v-cboorla-msft
Community Support
Community Support

‎10-08-2023 09:08 PM

Hi @DennesTorres 

 

Following up to see if the below suggestion was helpful. And, please do let us know in case of any further queries.

Message 4 of 4
1,097 Views
0
v-cboorla-msft
Community Support
Community Support

‎10-04-2023 07:55 AM

Hi @DennesTorres 

 

Welcome to Fabric Community and thanks for posting your question here.

 

As I understand that you are trying to use series_decompose_anomalies to detect individual anomaly values, instead of aggregated anomaly values. And you want to use the make-series without aggregation.

 

No, it is not possible to use the make-series operator without an aggregation function in MS Fabric KQL Query. The make-series operator is designed to create a series of aggregated values, and it requires an aggregation function to specify how the values should be aggregated.

 

vcboorlamsft_0-1696430956043.png

 

For more information, please refer : make-series operator - Azure Data Explorer | Microsoft Learn

 

Yes, it is possible to use series_decompose_anomalies to detect individual anomaly values, instead of aggregated anomaly values in MS Fabric KQL. The function takes an expression containing a series (dynamic numerical array) as input, and extracts anomalous points with scores.

 

For more information, please refer : series_decompose_anomalies() - Azure Data Explorer | Microsoft Learn

 

I hope this information is helpful. Please let me know if you have any other questions.

Message 2 of 4
1,168 Views
0
v-cboorla-msft
Community Support
Community Support
In response to v-cboorla-msft

‎10-05-2023 08:08 AM

Hi @DennesTorres 

 

Following up to see if the above suggestion was helpful. And, please do let us know in case of any further queries.

Message 3 of 4
1,122 Views
0

Helpful resources

Announcements
Las Vegas 2025

Join us at the Microsoft Fabric Community Conference

March 31 - April 2, 2025, in Las Vegas, Nevada. Use code MSCUST for a $150 discount!

Dec Fabric Community Survey

We want your feedback!

Your insights matter. That’s why we created a quick survey to learn about your experience finding answers to technical questions.

ArunFabCon

Microsoft Fabric Community Conference 2025

Arun Ulag shares exciting details about the Microsoft Fabric Conference 2025, which will be held in Las Vegas, NV.

December 2024

A Year in Review - December 2024

Find out what content was popular in the Fabric community during 2024.

View All
Top Solution Authors
View All
Top Kudoed Authors
View All