[META] Forecasting in Anomaly Detection

[brijos]

Is your feature request related to a problem?
This is a container to house forecasting feature requirements as they progress.

What solution would you like?
Proposal

** Working issues

• Milestone 1: create a forecaster
  • Indices code (checkpoint, jobs, state)
  • Updating System index schemas
  • refactor common settings, names, etc.
  • cluster setting like plugins.forecast.enabled to enable/disable forecasting functionality
  • imputation
• Milestone 2: run a forecaster
  • Get forecaster result transport
  • Support shingling
  • Entry workflow
  • Rate limit
  • Feature Preperation (e.g. in HC query to paginate aggregated data)
  • de-trend
• Milestone 3: support job scheduler
• Milestone 4: rename to time series analytics
  • BWC testing (mostly for AD since new RCF has changed its serde)
• Milestone 5: functional api
  • stop forecaster
  • get forecaster
  • update forecaster
  • delete forecaster
  • search forecaster
  • top forecasts
  • result index mapping: easy for querying in UX and alerting
• Milestone 6: monitoring apis
  • profile (references of ProfileAction in ExecuteResultResponseRecorder and test get task)
  • stats
  • search forecast tasks
• Milestone 7: historical forecast
  • test all existing APIs works for both historical and real time
  • forecast task
• Milestone 8: validate api (including forecaster and model level. e.g., max categorical fields honored and infer minimum interval?) and suggest (interval) api
• Milestone 9: fault tolerance
  • resource (disk and memory) management in hourly and daily cron
  • circuit breaker
• Milestone 10: upgrade rcf and data quality, recency bias (transformDecay in trcf), minimum shingle = 4
  • RCFCaster serde
  • new model size formula (considering ErrorHandler)
  • Data quality
  • error statistics (tied to UX on how to present them)
  • upgrade rcf lib
• Milestone 11 default and custom result index, guard against modifying result index, alerting)
  • Test if custom result index still works or not (e.g., top forecast result api)
• Milestone 12 security
  • In AD plugin user finds out that they don’t have the write permissions in the very end of the stepper flow, after configuring the model and the detector, which is frustrating (Playground is an example). Can we do the permission check in the beginning of the flow
  • security tests
• Milestone 13 adjust based on ux design (state transition graph, specify history in cold start)
  • infer shingle size. Users can solicit shingle size explicitly or implicitly from ux in three ways: shingle size in advanced parameter, user specify seasonality, and users telling us how long they want to forecast.
  • For the error states user can access content of the full error message in a modal window
  • allow the compare data source or model parameters changes (e.g., using md5)
  • validate when users haven't specified interval yet (e.g., look at data source/filter and find the data is almost empty)
  • specify history in cold start
  • forecast range (cannot be more/less than a value)
  • run once stat
• Milestone 14: bug fix
  • support > 1 hour interval
• Milestone 15: unit and integration tests

Frontend

• Fixed Interval Viz POC
• test light and dark mode (related: (OUI Next Theme) Anomaly Detection anomaly-detection-dashboards-plugin#572)
• test action items still works[Backport 2.x] Disable interpolation in HCAD cold start #581

[brijos]

Added to the RFC section of the user forum