Anomaly Detection
Edge Delta's Anomaly Detection organizes logs into patterns, evaluates anomalies, and provides insights for AI monitoring and service performance.
4 minute read
Edge Delta’s Anomaly Detection capabilities enable intelligent telemetry data that help teams reduce noise, catch regressions earlier, and support applied observability use cases such as AI monitoring and service performance tracking. Edge Delta supports cost-aware observability by organizing logs into patterns, evaluating those patterns for anomalies, and providing clear, actionable insights. This results in higher signal-to-noise, faster detection, and cleaner telemetry for downstream systems.
Pattern Detection and Sentiment Evaluation
Edge Delta uses the Drain algorithm to dynamically aggregate log entries into patterns. The algorithm groups similar logs by replacing variable elements—timestamps, request IDs, user identifiers, and other dynamic values—with wildcards while preserving the structural template. This approach identifies recurring log structures regardless of specific parameter values.
For example, logs like:
User 12345 logged in from 192.168.1.1User 67890 logged in from 10.0.0.5
Become a single pattern: User * logged in from *
These patterns can be counted and summarized instead of streaming all logs. This reduces the volume of data sent downstream while preserving the structure and meaning of the logs.
Each pattern is evaluated for sentiment and classified as either negative or neutral. This process checks for signs of instability, failure, or degradation using custom keyword or regex matches such as error, failed, or panic.
You can also configure neutralizing terms like debug that prevent false positives when present in a pattern. To modify sentiment logic, visit the Global Data Settings tab of the Admin page. Restart the agent after making changes for them to take effect.
Visualizing and Exploring Patterns
The Patterns tab of the Logs page in the Edge Delta web application displays the results of log pattern detection. It highlights changes in volume, frequency, and sentiment, helping you track which behaviors are increasing, decreasing, or disappearing. Filters help focus the view on specific types of behavior. For example, you can isolate patterns that are newly detected or those that have disappeared, using the lifecycle filter.
Key Features
- View top patterns by frequency and sentiment
- Compare pattern behavior across time periods
- Filter by sentiment, source, lifecycle status, or tags
- Spot volatile or unique patterns
Drill into specific patterns to review log samples and metadata:
Click Raw JSON to view the pattern data item.
Anomaly Detection and Alerting
Edge Delta continuously analyzes pattern behavior to detect anomalies. An anomaly might indicate a sudden spike in a negative pattern, a deviation in frequency, or the appearance of new patterns in a short window.
Each organization starts with a default Pattern Anomaly Monitor. This monitor watches for:
- Surges in total volume of negative logs
- Increases in the number of unique negative patterns
- Behavior changes in specific environments or sources
Anomalies can trigger alerts via your preferred incident response platforms, including PagerDuty, Slack, Microsoft Teams, and more.
OnCall AI for Context and Remediation
OnCall AI reviews detected anomalies and provides contextual summaries to help engineers understand what changed, why it matters, and how to fix it.
Autonomous Investigation Workflow
When anomalies are detected, AI teammates can investigate autonomously by:
- Pulling relevant telemetry: Querying logs, metrics, and traces related to the affected service during the anomaly window
- Identifying root causes: Analyzing patterns to surface specific error conditions (for example, null pointer exceptions, connection timeouts, or resource exhaustion)
- Proposing remediation: Generating mitigation plans with specific steps based on the identified cause
- Providing context links: Including direct links to relevant log patterns and anomaly events for further investigation
Extended Analysis
Beyond immediate remediation, AI teammates perform deeper analysis when investigating anomalies:
- Historical pattern review: Examining trend data to determine if similar patterns occurred previously
- Correlated service analysis: Checking related services for errors that may share a common cause
- Failure scenario validation: Evaluating whether the pattern matches known failure modes or represents a new issue
For each anomaly, OnCall AI offers:
- A plain-language summary of the pattern behavior
- Severity and potential impact
- Recommended remediation steps
This helps reduce time-to-resolution and limits alert fatigue by offering clarity and direction.
Benefits for Modern Observability
Edge Delta’s Anomaly Detection is purpose-built to:
- Improve the quality of telemetry flowing into your models and analytics systems
- Reduce observability spend through smart summarization
- Gain insight without ingesting every log
- Use out-of-the-box monitors to surface real problems faster
- Maintain pipeline hygiene across distributed environments
Fleet-Wide Alerting
Edge Delta supports multiple alert mechanisms for monitoring your pipelines and infrastructure.
Alert Types
Health alerts cover:
- Agent connectivity failures
- Version drift across pipelines
- Configuration sync failures
- Resource exhaustion (CPU, memory, disk)
Performance alerts trigger on:
- Throughput drops below threshold
- Processing latency exceeding SLA
- Error rate spikes
- Backpressure buildup
Data quality alerts detect:
- Unexpected traffic patterns
- Missing expected data sources
- Schema changes or parsing failures
- Anomalous field values
Integration with Alerting Platforms
Edge Delta integrates with external alerting systems including:
- PagerDuty: Incident management and on-call routing
- Slack: Team notifications and collaboration
- Microsoft Teams: Team notifications and collaboration
- Webhooks: Custom integrations with internal systems
- Email: Direct notifications to operations teams
Learn More
- Configure Log to Pattern node
- Set Up Monitors
- Pattern Anomaly Monitor
- Log Threshold Monitor
- Monitoring and Visibility - Track pipeline health metrics