Anomaly detection


#1
SELECT
, date_of_the_event
, COUNT(*) AS number_of_events,
, AVG(COUNT(*) ) OVER () AS average_events
, STDDEV(COUNT(*)) OVER () AS stddev_count
FROM events GROUP BY 1

The idea here is to be able to compare the raw count of events on any one day with the sample average/st. dev:

WHEN
number_of_events > average_events + 2 * stddev_count THEN 'high'