The anomalies page shows a list of machine learning charts for logs and metric anomalies of a selected component.
Linux component anomalies charts with 2 log anomalies detected
The first chart is always the log chart and the rest are individual metricsets charts depending of the technology of the component.
The charts show the ML and anomaly values for a set period of 1h. It can either show real time data of the current hour or historic data in spans of 1h.
Each chart has its own date picker on the top right which enables the user to select the day and the specific hour time span of the anomalies. If an anomaly was detected on a specific hour of the day both will be colored red for easier selection.
If the current hour of the day or any time span over the current hour is selected the chart will enter live mode and start showing real time incoming data.
There are 3 values shown on the chart:
  • Value of the metricset(log) in blue
  • Anomaly threshold calculated by the ML in red
  • Anomaly score calculated by the ML in orange
If the anomaly score goes over the anomaly threshold the data point is marked as an anomaly by a vertical red line and marker.
Clicking on the marker of the anomaly takes you to the managed ELK dashboard of the component with the selected time frame of -5/+5 minutes to easily analyse the anomaly.