Closed
Description
True per partition normalisation functionality is viewed as undesirable since if the cardinality of the partition field is high it bypasses the rate limiting we do for alerting. Users could be subjected to a continuous stream of alerts if misused.
However, there is one important use case which does come up occasionally: anomaly detection is performed as a service to a group of customers and each customer only views their own record level results. In this case, we absolutely don't want the normalisation to interact between customers and since they only see results relating to them the concern about creating too many alerts doesn't apply.
First steps should be:
- Investigate moving to maintaining per time series minimum probability and reassess partition normalisation in this context,
- Investigate results of partition analysis verses multiple jobs (one for each partition) where cardinality makes this possible