Update expression and anomaly detector documentation

_data-prepper/pipelines/configuration/processors/anomaly-detector.md

@@ -53,6 +53,7 @@
 | `sample_size` | `256` | 100--2500 | The sample size used in the ML algorithm. |
 | `time_decay` | `0.1` | 0--1.0 | The time decay value used in the ML algorithm. Used as the mathematical expression `timeDecay` divided by `SampleSize` in the ML algorithm. |
 | `type` | `metrics` | N/A | The type of data sent to the algorithm. |
+| `output_after` | 32 | N/A | Indicates the number of events to consume before outputting anamolies |
 | `version` | `1.0` | N/A | The algorithm version number. |
 
 ## Usage

_data-prepper/pipelines/expression-syntax.md

@@ -30,6 +30,9 @@
 |----------------------|-------------------------------------------------------|---------------|
 | `()`                 | Priority expression                                   | Left to right |
 | `not`<br> `+`<br>  `-`| Unary logical NOT<br>Unary positive<br>Unary negative | Right to left |
+| `*`, `/`             | Multiplication and Division operators                 | Left to right |
+| `+`, `-`             | Addition and Subtraction operators                    | Left to right |
+| `+`                  | String concatenation operator                         | Left to right |
 | `<`, `<=`, `>`, `>=` | Relational operators                                  | Left to right |
 | `==`, `!=`           | Equality operators                                    | Left to right |
 | `and`, `or`          | Conditional expression                                | Left to right |
@@ -78,7 +81,6 @@
 <Any> or <Any>
 not <Any>
 ```
-{% include copy-curl.html %}
 
 The following are some example conditional expressions: 
 
@@ -91,9 +93,64 @@
 ```
 {% include copy-curl.html %}
 
+### Arithmetic expressions
+
+Arithmetic expressions allow you to do few basic arithmetic operations. Arithmetic expressions may be combined with conditional expressions to make more complex conditional expressions. The available arithmetic operators are `+`, `-`, `*`, and `/` for doing addition, subtraction, multiplication and division respectively. The syntax for using the arithmetic operators is as follows:
+
+```
+<Any> + <Any>
+<Any> - <Any>
+<Any> * <Any>
+<Any> / <Any>
+```
+
+The following are some example arithmetic expressions: 
+
+```
+/value + length(/message)
+/bytes / 1024
+/value1 - /value2
+/TimeInSeconds * 1000
+```
+{% include copy-curl.html %}
+
+The following are some example arithmetic expressions used in conditional expressions : 
+
+```
+/value + length(/message) > 200
+/bytes / 1024 < 10
+/value1 - /value2 != /value3 + /value4
+```
+{% include copy-curl.html %}
+
+### String concatenation expressions
+
+String concatenation expressions allow you to concatenate strings to generate new strings. The concatenated strings can be used in conditional expressions too. The syntax for using string concatenation is as follows:
+
+```
+<String Variable or String Literal> + <String Variable or String Literal>
+```
+
+The following are some example string concatenation expressions:
+
+```
+/name + "suffix"
+"prefix" + /name
+"time of " + /timeInMs + " ms"
+```
+{% include copy-curl.html %}
+
+The following are some example string concatenation expressions used in conditional expressions :
+
+```
+/service + ".com" == /url
+"www." + /service != /url
+```
+{% include copy-curl.html %}
+
 ### Reserved symbols
 
-Reserved symbols are symbols that are not currently used in the expression syntax but are reserved for possible future functionality or extensions. Reserved symbols include `^`, `*`, `/`, `%`, `+`, `-`, `xor`, `=`, `+=`, `-=`, `*=`, `/=`, `%=`, `++`, `--`, and `${<text>}`.
+Reserved symbols are symbols that are not currently used in the expression syntax but are reserved for possible future functionality or extensions. Reserved symbols include `^`, `%`, `xor`, `=`, `+=`, `-=`, `*=`, `/=`, `%=`, `++`, `--`, and `${<text>}`.
 
 ## Syntax components
 
@@ -170,6 +227,9 @@
 | `()`                 | Priority expression      | Yes                  | `/a==(/b==200)`<br>`/a in ({200})`                             | `/status in({200})`                   |
 | `in`, `not in`       | Set operators            | Yes                  | `/a in {200}`<br>`/a not in {400}`                             | `/a in{200, 202}`<br>`/a not in{400}` |
 | `<`, `<=`, `>`, `>=` | Relational operators     | No                   | `/status < 300`<br>`/status>=300`                              |                                       |
+| `+`                  | String concat operator   | No                   | `/status_code + /message + "suffix"`
+| `+`, `-`             | Arithmetic Add and Subtract operators | No      | `/status_code + length(/message) - 2`
+| `*`, `/`             | Multiply and Divide operators | No              | `/status_code * length(/message) / 3`
 | `=~`, `!~`           | Regex equality operators | No                   | `/msg =~ "^\w*$"`<br>`/msg=~"^\w*$"`                           |                                       |
 | `==`, `!=`           | Equality operators       | No                   | `/status == 200`<br>`/status_code==200`                        |                                       |
 | `and`, `or`, `not`   | Conditional operators    | Yes                  | `/a<300 and /b>200`                                            | `/b<300and/b>200`                     |