I am currently having an issue with the anomaly detection part, where I need to calculate the mean and standard deviation for the same day of the week and same time using data from the last 3 weeks with a polling interval of 5 minutes.
Example: win_cpu measurement
time Percent_DPC_Time Percent_Idle_Time Percent_Interrupt_Time Percent_Privileged_Time Percent_Processor_Time Percent_User_Time host instance objectname
1524484140000000000 0 82.2580795288086 0 0 0 0 PMICHLAUSQL433 0 Processor
1524484140000000000 0 40.93153762817383 0 16.98509407043457 51.15966033935547 50.95484924 PMICHLAUSQL433 _Total Processor
I need to run a Kapacitor continuous query for each entry being made to the win_cpu measurement and store the host, mean and standard deviation values of Percent_User_Time with a 5-minute polling interval to a new measurement based on:
• Depending on the amount of data that is collected, baseline averages are calculated in three ways:
• Initially, averages are calculated for every hour regardless of the day
• Secondly, averages are calculated for the same hour regardless of the day (Mean and Standard deviation based on last 3 entries for same day)
• After enough data is collected, averages are calculated for the same day of the week and the same hour (Mean and Standard deviation based on last 3 entries for same day of the week and same hour).
• The switch in calculation mode is automatic
Is the above possible via a Kapacitor continuous query?
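The three baseline modes and the automatic switch described in the post, as an added Python sketch that is not part of the original post and is not Kapacitor TICKscript. It reads "same hour" as the same 5-minute slot; the function names, the dict-based history, the thresholds `k` and `min_sigma`, and the sample data are all assumptions made for illustration.

```python
from statistics import mean, stdev

STEP = 300        # 5-minute polling interval, in seconds
DAY = 86400
WEEK = 7 * DAY

def baseline(history, ts, n=3):
    """Return (mode, mean, stddev) for the 5-minute slot containing ts.

    history maps slot start (epoch seconds, UTC) -> Percent_User_Time.
    The most specific mode with n samples wins, so the switch between
    modes is automatic as data accumulates.
    """
    slot = ts - ts % STEP
    # Same weekday and time over the last n weeks, then same time over the last n days.
    for mode, period in (("weekday_slot", WEEK), ("daily_slot", DAY)):
        vals = [history[slot - k * period] for k in range(1, n + 1)
                if slot - k * period in history]
        if len(vals) == n:
            return mode, mean(vals), stdev(vals)
    # Initial mode: every earlier sample, regardless of day or time.
    vals = [v for t, v in history.items() if t < slot]
    if len(vals) < 2:             # sample stddev needs two points
        return "insufficient", None, None
    return "all", mean(vals), stdev(vals)

def is_anomalous(history, ts, value, k=3.0, min_sigma=0.5):
    """Flag value if it is more than k deviations from the baseline.

    k and min_sigma are assumed thresholds, not values from the post.
    """
    mode, mu, sigma = baseline(history, ts)
    if mu is None:
        return False
    return abs(value - mu) > k * max(sigma, min_sigma)

def constructed_history(days, start=0):
    """Constructed sample data with a weekly and a daily pattern."""
    return {t: 10.0 + (t // DAY) % 7 + (t % DAY) / 3600.0
            for t in range(start, start + days * DAY, STEP)}

if __name__ == "__main__":
    for days in (1, 5, 22):
        hist = constructed_history(days)
        ts = (days - 1) * DAY + 2 * 3600
        print(days, baseline(hist, ts))
```

The `min_sigma` floor keeps a perfectly flat baseline (standard deviation 0) from flagging every small change.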