Edge Delta Anomaly Detection
Edge Delta detects anomalies in observability data using agents on the edge as well as in aggregate on the backend. You can receive alerts about anomalous behavior and see views designed to help with root cause analysis. This helps reduce the time needed to detect and resolve incidents.
Anomalies in Patterns
Once log patterns are streamed to the Edge Delta backend, monitors can be configured to detect anomalous behavior and trigger alerts to one or more notification channels.
OnCall AI
The Anomalies tab on the Logs page shows the results of your monitors. Monitors analyze a pattern’s behavior to detect anomalies. Each anomaly is interpreted by OnCall AI, which summarizes it and provides recommendations on how to remediate it.
OnCall AI:
- Analyzes the generalized patterns of the logs without specific information about log content contributing to the anomaly.
- Communicates the severity of the issue and what it’s impacting.
- Summarizes the negative behavior in conversational text.
- Provides a recommendation on how to resolve the issue.
Pattern Anomaly Monitor
The Pattern Anomaly monitor uses a proprietary algorithm to detect unusual spikes in log patterns with negative sentiment. Log patterns for a particular source (e.g. a Kubernetes namespace or controller) are analyzed in aggregate across fleets, and an alert can be triggered if there is an unusual spike in either the total number of log messages with negative sentiment, or the number of unique negative patterns detected.
The algorithm is tuned to reduce false positives by accounting for repeated patterns (e.g. logs that result from a daily/weekly/monthly batch job) as well as normal fluctuations in log volume (e.g. increased traffic to a website during daytime hours).
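The two signals and the seasonality handling described above can be illustrated with a small detector. This is an added example, not Edge Delta's proprietary algorithm: it swaps in a median/MAD robust z-score computed per hour-of-day slot, and the function names, threshold and sample counts are all constructed for illustration.

```python
from statistics import median

def mad_score(value, history):
    """Robust z-score of value against history (median and MAD)."""
    med = median(history)
    mad = median(abs(h - med) for h in history)
    scale = 1.4826 * mad or 1.0  # flat history gives MAD 0; fall back to 1
    return (value - med) / scale

def detect(history, current, threshold=3.5, min_history=4):
    """Return the names of the signals that spiked for one source.

    history: list of (hour_of_day, total_negative, unique_negative_patterns)
    current: one tuple of the same shape for the interval being checked.
    The current interval is compared only with past intervals from the same
    hour slot, so a daily batch job or daytime traffic is part of the baseline.
    """
    slot, total, unique = current
    peers = [(t, u) for s, t, u in history if s == slot]
    if len(peers) < min_history:
        return []  # too little history for this slot to judge a spike
    signals = (
        ("total_negative", total, [t for t, _ in peers]),
        ("unique_negative_patterns", unique, [u for _, u in peers]),
    )
    return [name for name, value, past in signals
            if mad_score(value, past) > threshold]

# Constructed sample: 7 days of counts for one namespace.
# Hour 2 is a nightly batch job, hour 3 is quiet, hour 14 is the daytime peak.
HISTORY = []
for day in range(7):
    j = day % 3
    HISTORY += [
        (2, 900 + 10 * j, 5),
        (3, 40 + 2 * j, 4 + j % 2),
        (14, 400 + 10 * j, 6 + j % 2),
    ]

if __name__ == "__main__":
    for interval in [(14, 420, 6), (2, 910, 5), (3, 400, 5), (14, 410, 25)]:
        print(interval, detect(HISTORY, interval))
```

A volume of 400 negative logs is normal at 14:00 but flagged at 03:00, while the 02:00 batch job's 910 messages stay quiet because every earlier 02:00 interval looked the same.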
Anomalies in Metrics
After performing logs-to-metrics conversion, Edge Delta can detect anomalies in the data collected by individual agents as well as in data aggregated from multiple agents.
Agent Processor Alerts
The Edge Delta agent can be configured to track the value of metrics at the edge host over time, detect anomalous values, and alert you if it finds any.
See Create Metrics from Logs and Trigger a Metric Alert for more details.
Metrics Monitors
Since many production services run across multiple hosts, it is often useful to collect metric values in aggregate from all hosts, analyze them, and trigger alerts if a threshold is exceeded.
A metrics alert monitor can be configured to trigger when the aggregated metric value or anomaly score from many agent instances exceeds a defined threshold.
Anomalies in Logs
The Logs Monitor watches for changes in log volume across all agents and can issue alerts when anomalous changes are detected.