Anomaly Detection for Monitoring
As companies adopt agile development practices and deploy business-critical applications to the cloud, monitoring and analytics are necessary elements for a DevOps workflow. Here’s what you need to know about anomaly detection and how it adds value to cloud monitoring for DevOps teams.
What is Anomaly Detection?
Anomaly detection is the process of identifying observations or patterns of observations in a data set that do not conform to expected behavior. “One of these things is not like the other” – sounds easy, right? Of course, when you’re working with tens of thousands of system and application metrics that change from minute to minute, the game becomes exponentially more difficult. At Netuitive, we tend to characterize this as “humanly impossible.”
Understanding the Four Kinds of Anomalies
When talking about anomaly detection, there are four specific types of results: true positives, true negatives, false positives, and false negatives.
3 Types of Anomaly Detection Monitoring Tools
Smart DevOps teams typically evolve through three levels of anomaly detection tools. They start with simple dashboards to track basic metrics, then add increasingly sophisticated analytics. A common progression for analytics is to start with static thresholds, then add simple data transformations, and finally introduce machine learning and other models and algorithms designed to increase alarm quality. For example, static thresholds are the most common “starter” analytics. Static thresholds automatically flag simple anomalies in a collection of point observations. Some analytics tools use data transformation functions to make it easier to detect outliers. Advanced analytics tools screen out unwanted noise and enhance anomaly detection, thereby reducing the frequency of bad alarms, namely false positives and false negatives.
Advanced analytics leverage many models and algorithms, both qualitative and quantitative. Quantitative techniques include statistical analysis and machine learning. Qualitative techniques include incorporating a priori knowledge (human input) and semantic contextual models.
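The first two levels described above can be compared directly by scoring each one with the four result types. The following is an added example, not Netuitive code: the metric series, the anomaly labels, the 450 limit, and the window and z-score settings are all constructed assumptions chosen for illustration.

```python
from statistics import mean, stdev

# Constructed sample (not real telemetry): requests/sec, one point per minute.
SERIES = [100, 104, 98, 101, 97, 103, 300, 99, 102, 140, 190, 250,
          310, 370, 430, 480, 500, 495, 505, 498, 502, 150, 499, 503]
# Ground-truth labels for the constructed sample: a spike during quiet
# hours (index 6) and a drop during peak load (index 21).
ANOMALIES = {6, 21}


def static_threshold(series, limit=450):
    """Level 1: flag every point above a fixed limit (assumed value)."""
    return {i for i, v in enumerate(series) if v > limit}


def rolling_zscore(series, window=5, z_limit=3.0):
    """Level 2: transform each point into its z-score against the
    preceding `window` points, then threshold the transformed value."""
    flagged = set()
    for i in range(window, len(series)):
        history = series[i - window:i]
        spread = max(stdev(history), 1e-9)  # avoid division by zero on flat data
        if abs(series[i] - mean(history)) / spread > z_limit:
            flagged.add(i)
    return flagged


def confusion(flagged, truth, n):
    """Score a detector against the labels using the four result types."""
    tp = len(flagged & truth)
    fp = len(flagged - truth)
    fn = len(truth - flagged)
    return {"TP": tp, "FP": fp, "FN": fn, "TN": n - tp - fp - fn}


if __name__ == "__main__":
    n = len(SERIES)
    print("static :", confusion(static_threshold(SERIES), ANOMALIES, n))
    print("rolling:", confusion(rolling_zscore(SERIES), ANOMALIES, n))
```

On this sample the fixed limit alarms on normal peak load and misses both labelled anomalies, while the transformed series isolates them. A trailing window has its own blind spot: the points right after an anomaly are judged against a window that still contains it.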
Anomaly Detection and Advanced Analytics within the Context of a DevOps Workflow
Ideally, anomaly detection is not simply an isolated monitoring step or the only factor in deciding whether or not to issue an alarm or take some action. For the most accurate results, advanced analytics should be applied within a more comprehensive monitoring workflow that:
- Captures infrastructure and application metrics in real time
- Applies multiple types of analytics to the observations
- Discovers deviations in the observed data
- Applies structural knowledge such as relationships between components to refine raw analytic results
- Assesses the results within the contexts of environmental semantics and other human knowledge (what we call a “policy”)
Using analytics together within a workflow such as the one shown below, DevOps staff can achieve highly accurate results – namely minimizing false positives and false negatives.