Hello @116dreamer,
Azure Stream Analytics offers anomaly detection in several ways: spike and dip detection and changepoint detection.
This is based on a mathematical model so it involves a statistical confidence level.
Instead of comparing incoming values to (fixed) values, this detection compares values with previous values over a certain time span.
If the new value difference is detected with a certain confidence, it is seen as an anomaly.
So you basically fill in:
- the value to check
- the number of messages expected
- the duration
- the confidence
I suggest running a training set through Azure Stream Analytics and testing it before you take it into production.
I also suggest using this next to a more traditional (fixed) value comparison.
Check out my blog post too.
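
The four settings listed in the reply, shown as an added example that is not part of the original post: a Stream Analytics query that uses the built-in `AnomalyDetection_SpikeAndDip` function next to a fixed-limit check. The `input` and `output` aliases, the `deviceId` and `temperature` fields, and every numeric value are assumptions.

```sql
-- Added example. Assumed: aliases "input"/"output", fields deviceId and
-- temperature, roughly one event per second, and a fixed limit of 80.0.
WITH Scored AS
(
    SELECT
        EventEnqueuedUtcTime AS eventTime,
        deviceId,
        CAST(temperature AS float) AS temp,
        AnomalyDetection_SpikeAndDip(
            CAST(temperature AS float),  -- the value to check
            95,                          -- the confidence, in percent
            120,                         -- the number of messages expected in the window
            'spikesanddips'              -- detect both directions
        )
        OVER (LIMIT DURATION(second, 120)) AS result  -- the duration
    FROM input
)
SELECT
    eventTime,
    deviceId,
    temp,
    CAST(GetRecordPropertyValue(result, 'Score') AS float) AS anomalyScore,
    CAST(GetRecordPropertyValue(result, 'IsAnomaly') AS bigint) AS isStatisticalAnomaly,
    -- Traditional fixed comparison kept next to the statistical result,
    -- so a slow drift that the model learns as "normal" is still flagged.
    CASE WHEN temp > 80.0 THEN 1 ELSE 0 END AS isOverFixedLimit
INTO output
FROM Scored
```

Replaying a recorded training set through this query and comparing `isStatisticalAnomaly` with `isOverFixedLimit` shows whether the chosen confidence and history size suit the data before the job goes to production.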