View Operational Metrics anomaly alerts

View anomaly alerts generated by Operational Metrics. Anomaly alerts indicate deviation from projected metric values for monitored CIs. Anomaly alerts are separate from the regular Event Management alerts, and are not displayed in the Alert Console. You can define an event rule to generate a regular alert that is based on anomaly alerts.

Before you begin

Role required: evt_mgmt_user

About this task

The statistical model is used to calculate standard deviations, upper and lower bounds, and statistical outliers which are then used to detect anomalies. An anomaly is when metric values are out of the projected values according to the statistical model. The system monitors the frequency and persistence of statistical outliers across time to compute a score between 0-10 that indicates how abnormal a deviation is.

Operational Metrics constantly generates anomaly alerts whenever the anomaly score is above zero. If there is a score that is above 4 which has changed from the previous score - it is sent to the instance so the entire sequence of deviations over time can be displayed in the Metric Explorer.

Procedure

  1. Navigate to Event Management > Operational Metrics > Anomaly Alerts.
  2. In the Alerts Anomalies list view, double-click on an alert that you want to view.

What to do next

  • You can create an event rule that examines the anomaly alerts, and generates a regular system alert that is based on anomaly alerts. Create an event rule, and specify:
    • Filter: Add filter conditions such as [CI identifier] [is] [CI SysId], or [Metric Name] [is] [metric]. To select anomaly alerts add the filter condition [Classification] [is] [Anomaly].
    • On the Transform tab, add an entry to Event Compose Fields where Field is classification and Composition is 0.
  • Right-click an alert, and then click View Metrics to open the integrated Metrics Explorer and Dependency Views map for the CI associated with the alert.