Baseline and anomaly detection

Topic: Monitoring basics

Summary

Detect anomalies by comparing current metrics to a baseline or by using ML-based detection. Alert on unusual behavior. Use this approach when threshold-based alerts miss subtle issues.

Intent: How-to

Quick answer

  • Compute the baseline from history: the same hour last week or a rolling average. Alert when the current value deviates from it by X percent or by a set number of standard deviations (sigma).
  • Some tools offer ML-based anomaly detection. Tune sensitivity to reduce false positives.
  • Combine with threshold alerts. Use for capacity or security anomalies. Review and tune regularly.

Prerequisites

Steps

  1. Define baseline

    Choose the metric and its baseline: the same hour last week or a rolling 7-day window. Set the deviation threshold.

  2. Alert and tune

    Alert when metric deviates. Tune sensitivity. Reduce false positives.

  3. Review

    Review anomalies. Adjust baseline or threshold. Document findings.

Summary

Define baseline; alert on deviation; tune sensitivity; review and adjust.

Steps

Step 1: Define baseline

Metric and baseline (e.g. same hour last week); deviation threshold.

Step 2: Alert and tune

Alert on deviation; tune to reduce false positives.

Step 3: Review

Review anomalies; adjust baseline and threshold.
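
The three steps above as an added Python example (not part of the original page): the baseline is the same hour in each of the previous four weeks, and an alert needs both a sigma and a percent deviation. The failed-login series, the function names and the default thresholds are assumptions made for illustration.

```python
import statistics

HOURS_PER_WEEK = 168

def baseline(series, t, weeks=4):
    """Mean and stdev of the same hour in each of the previous `weeks` weeks."""
    samples = [series[t - w * HOURS_PER_WEEK]
               for w in range(1, weeks + 1) if t - w * HOURS_PER_WEEK >= 0]
    if len(samples) < 2:
        return None  # too little history to judge, so stay silent
    return statistics.mean(samples), statistics.stdev(samples)

def check(series, t, sigma=3.0, min_pct=50.0, min_std=1.0, weeks=4):
    """Return an alert dict when series[t] deviates from its baseline, else None."""
    base = baseline(series, t, weeks)
    if base is None:
        return None
    mean, std = base
    std = max(std, min_std)  # floor: a flat history would otherwise alert on +1
    z = (series[t] - mean) / std
    pct = abs(series[t] - mean) / max(mean, 1.0) * 100
    # Tuning knobs: sigma catches statistical outliers, min_pct suppresses
    # alerts on changes that are significant but operationally tiny.
    if abs(z) >= sigma and pct >= min_pct:
        return {"hour": t, "value": series[t], "baseline": mean,
                "z": round(z, 1), "pct": round(pct)}
    return None

def make_series():
    """Constructed sample: 5 weeks of hourly failed-login counts."""
    series = []
    for h in range(5 * HOURS_PER_WEEK):
        busy = 9 <= h % 24 < 18                      # office hours
        drift = (h // HOURS_PER_WEEK) % 3            # small week-to-week change
        series.append((40 if busy else 5) + drift)
    # Burst at 03:00 in week 5. A static "> 50" threshold sized for office
    # hours never fires on it; the same-hour baseline is about 6.
    series[4 * HOURS_PER_WEEK + 3] = 38
    return series

def scan(series, start, **kwargs):
    """Check every hour from `start` onward and collect the alerts."""
    return [a for t in range(start, len(series)) if (a := check(series, t, **kwargs))]

if __name__ == "__main__":
    for alert in scan(make_series(), 4 * HOURS_PER_WEEK):
        print(alert)
```

Raising `sigma` or `min_pct` loosens the detector and lowering them tightens it; hours with fewer than two weeks of history return no verdict instead of an alert.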

Verification

  • Anomalies are detected and the false-positive rate is acceptable.

Troubleshooting

  • Too many alerts: loosen the threshold or baseline.
  • Missed anomaly: tighten the threshold or add ML.
