We created an anomaly detector using OpenSearch with a 10-minute window interval, focusing on three features: total_count, logstats, and flowstats, using sum aggregation and a shingle size of 8.