Anomaly detection alerts
Detect unusual metric behavior without defining static thresholds. Anomaly detection alerts learn normal patterns from your data and notify you when a metric deviates from expected behavior.
These alerts use artificial intelligence algorithms to analyze incoming metrics and predict their expected behavior for the next 24 hours.
For example, use anomaly detection alerts to identify when a transaction’s response time becomes unusually high or when a host’s outgoing traffic exceeds typical levels, indicating a potential performance or security issue.
These alerts use Streama technology, which lets them run on the Coralogix monitoring pipeline at a third of the cost, without prior indexing.
Create an alert
Set up a metrics-based anomaly detection alert.
- Go to Alerts, then Alert Management.
- Select New Alert.
- When you define alert conditions, select:
  - More than usual, or
  - Less than usual
- Define the alert conditions.
- (Optional) Configure advanced settings, including custom evaluation delay and percentage deviation.
- Finalize the alert setup.
Data requirements
Anomaly detection requires sufficient historical data to establish a reliable baseline.
- The model trains on the previous 7 days of metric data.
- At least 90% of this 7-day period must contain data.
- This requirement applies to the training data window, not to the alert evaluation window.
If this requirement is not met, the baseline is not created and anomaly detection is not applied.
Limitations
The machine-learning model establishes the baseline for each group-by key in your alert definition.
- The baseline is applied daily for the next 24 hours.
- The model uses data from the past 7 days.
- The system supports a maximum of 500 permutations per metric.
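A pre-flight check for the data requirement and the permutation limit described above, as an added example that is not Coralogix code. The 7-day window, 90% minimum and 500-permutation limit come from this page. The hourly bucket size, the per-key application of the 90% rule, and the function names and sample hosts are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

TRAINING_WINDOW = timedelta(days=7)  # from the page
MIN_COVERAGE = 0.90                  # from the page
MAX_PERMUTATIONS = 500               # from the page
BUCKET = timedelta(hours=1)          # assumption: coverage counted per hourly bucket


def baseline_readiness(samples, now, bucket=BUCKET):
    """samples: iterable of (group_by_key, timestamp) pairs for one metric.

    Returns per-key coverage of the training window, the keys that fall
    below the minimum, and whether the key count exceeds the limit.
    """
    start = now - TRAINING_WINDOW
    total_buckets = int(TRAINING_WINDOW / bucket)
    seen = defaultdict(set)
    for key, ts in samples:
        if start <= ts < now:  # only the training window counts, not the evaluation window
            seen[key].add(int((ts - start) / bucket))
    coverage = {key: len(b) / total_buckets for key, b in seen.items()}
    return {
        "coverage": coverage,
        "below_minimum": sorted(k for k, c in coverage.items() if c < MIN_COVERAGE),
        "over_permutation_limit": len(seen) > MAX_PERMUTATIONS,
    }


NOW = datetime(2024, 1, 8, tzinfo=timezone.utc)  # constructed reference time


def constructed_samples(now=NOW):
    """Constructed data: one sample per hour, with different gaps per host."""
    start = now - TRAINING_WINDOW
    gaps = {"host-a": 0, "host-b": 48, "host-c": 12}  # hours missing at window start
    return [
        (host, start + timedelta(hours=h))
        for host, missing in gaps.items()
        for h in range(missing, 168)
    ]


if __name__ == "__main__":
    report = baseline_readiness(constructed_samples(), NOW)
    for host, cov in sorted(report["coverage"].items()):
        status = "too sparse" if host in report["below_minimum"] else "ok"
        print(f"{host}: {cov:.1%} of training window has data ({status})")
    print("over permutation limit:", report["over_permutation_limit"])
```

A key that reports nothing in the window does not appear in the report at all, so compare the returned keys against the group-by values you expect.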