Autonomous Anomaly Detector
StackState Self-hosted v4.6.x
Anomaly detection identifies abnormal behavior in your fast-changing IT environment. This helps direct the attention of IT operators to the root cause of problems or can provide an early warning. The Autonomous Anomaly Detector (AAD) requires zero configuration. It is fully autonomous in selecting both the metric streams it will apply anomaly detection to, and the appropriate machine learning algorithms to use for each metric stream.
The Autonomous Anomaly Detector (AAD) is enabled as soon as the AAD StackPack has been installed in StackState. When the AAD has been enabled, metric streams are identified and analyzed in search of any anomalous behavior based on their past. After the initial training period, detected anomalies will be reported in the following way:
- The anomaly and time period during which anomalous behaviour was detected are shown on the associated metric stream chart. The color indicates the anomaly severity.
Each identified anomaly is given a severity. This can be HIGH, MEDIUM or LOW. The severity shows how far a metric point has deviated from the expected model and the length of time for which anomalous data has been observed.
HIGH, MEDIUM and LOW severity anomalies
When a HIGH severity anomaly is detected on a metric stream, a
Metric Stream Anomalyevent is generated. Anomaly events are listed on the Events Perspective and will also be reported as one of the Probable Causes for any associated problem. Clicking on the event will open the Event Details pane on the right-hand side of the screen.
Metric stream anomaly event details pane
- Metric Stream - The name of the metric stream on which the anomaly was detected.
- Metric chart - A chart with an extract from the metric stream centered around the detected anomaly.
- Anomaly interval - The time period during which anomalous behaviour was detected. This is also shaded on the metric chart.
- Description - A description of the observed anomaly.
- Elements - The name of the element (or elements) on which the metric stream is attached
The AAD will need to train on your data before it can begin reporting anomalies. With data collected in 1 minute buckets, the AAD requires a 2 hour training period. If historic data exists for relevant metric streams, this will also be used for training the AAD. In this case, the first results can be expected within an hour. Up to a day of data is used for training. After the initial training, the AAD will continuously refine its model and adapt to changes in the data.
The AAD scales to large environments by autonomously prioritizing metric streams based on its knowledge of the 4T data model and user feedback. The metric stream selection algorithm ranks metric streams based on the criteria below:
- Components in views that have the most stars by the most users are ranked highest.
- Anomaly detection will be disabled on streams if more than 20% of their time is flagged as anomalous.
You cannot directly control the stream selected, but you can steer the metric stream selection of the AAD by manipulating the above-mentioned factors.
After an initial training period, the AAD ensures that prioritized metric streams are checked for anomalies in a timely fashion. Anomalies occurring in the highest prioritized metric streams are detected within about 5 minutes.
To uninstall the AAD StackPack, simply press the UNINSTALL button. No other actions need to be taken.
Autonomous Anomaly Detector StackPack v0.9.2 (02-04-2021)
- Common version bumped from 2.4.3 to 3.0.0
- StackState min version bumped to 4.3.0