Unomaly is a software product that automatically analyzes log data from software systems and detects anomalies in their data. This topic introduces the Unomaly user interface and core concepts.

The Unomaly user interface

The following screenshot shows you the Unomaly user interface. There are two main pages: Situations and Anomalies.

You can navigate the different pages in the Unomaly interface on the top bar:

  • Click the Unomaly logo to return to the default Situations page.
  • Select either Situations or Anomalies to go to one of the main pages to start your investigations.
  • Click on the menu to go to secondary pages to manage Knowns, Actions, Groups, and so on.
  • Click the question mark for links to Documentation and other Help topics.
  • Click the user icon to open your Account information or log out of Unomaly.

Using the sidebar

Use the sidebar on the left to select a saved View or filter on systems and groups.

Views

  • Views are constrained to the page that you are on, whether that is Situations or Anomalies.
  • There are pre-saved views for both pages. You can change the Default, which is the view that you open when you click the tab for the page.
  • When you change the filters and conditions on the page, you can save your changes to a new view that will be added to this list.

Systems

  • Selecting a system group will update the contents of the page to show only the data from your selection. Click the arrow to the right of the group to show all the systems that make up the group.
  • From the sidebar, you can only select one system group at a time. To select more than one system or group, use the search bar for the page.
  • The badges next to each system group display a count of the open alerts in that group, if you have alerts configured.

The Anomalies page

Use the Anomalies page to review and investigate the anomalies that Unomaly detects. Anomalies are the changes in your log data that fall outside of the regular patterns identified by Unomaly. Unomaly detects anomalies based on the log event structure that it parses and based on the frequency changes or the stops of periodic log events.

| Anomaly type | Description |
|---|---|
| Never before seen | Events that are new in the entire IT environment that Unomaly is monitoring. |
| New in system | Events that are new in a system but may have occurred on other systems. |
| Parameter change | Events that match previously detected anomalies but have different parameter values. |
| System away | Events indicating that Unomaly has not received data from the system for a certain amount of time. |
| Frequency spike | Anomalies where an event is produced at a significantly greater rate than previously seen. |
| Event stop | Anomalies where a periodic log event (that is, an event that was seen regularly) is no longer produced. |

You can expand the events to learn more about the frequency and occurrences of each anomaly. Read more about how to “Investigate anomalies”.

The Situations page

Unomaly clusters anomalies that occurred within a rolling time period on a single system into a situation. Use the Situations page to investigate related anomalies. Each situation has a score to indicate the type of anomaly that is most significant in the situation. You can expand a situation to see all the anomalous events that are part of it. Read more about how to “Investigate situations”.

Core concepts

Systems and groups

All data that enters Unomaly is tied to an originating software system, which may be a server, container, or application. You can configure systems to send their data to Unomaly using log shippers, standard data protocols, such as syslog, or one of our pre-built integrations to collect data from other technologies. Read more about “Getting data into Unomaly”.

Each system has a system profile in Unomaly. The system profile is a collection of the different types of events that the system generates under normal conditions. The events are organized by their frequency. Refer to the system profile for a better understanding of how each system behaves under normal conditions. Read more about “How Unomaly detects anomalies”.
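
As an added illustration (not Unomaly's code or algorithm, which this page does not describe), the sketch below builds per-system profiles of event structures from baseline intervals and classifies a new interval into four of the anomaly types listed for the Anomalies page; Parameter change and System away are left out. The parameter-masking regex, the spike factor of 5, the definition of "periodic" and the sample logs are assumptions made for the example.

```python
import re
from collections import Counter

# Assumption: numbers, hex values and IPv4 addresses are the variable parameters.
PARAM = re.compile(r"\b(?:\d{1,3}(?:\.\d{1,3}){3}|0x[0-9a-fA-F]+|\d+)\b")

def structure(message):
    return PARAM.sub("<*>", message)  # compare events by structure only

def build_profiles(windows):
    """windows: one {system: [messages]} dict per baseline interval."""
    profiles = {}  # system -> structure -> [count in each interval]
    for i, window in enumerate(windows):
        for system, messages in window.items():
            prof = profiles.setdefault(system, {})
            for s, n in Counter(map(structure, messages)).items():
                prof.setdefault(s, [0] * len(windows))[i] = n
    return profiles

def detect(profiles, system, messages, spike_factor=5):  # factor: example value
    """Classify one new interval; periodic = seen in every baseline interval."""
    own = profiles.get(system, {})
    elsewhere = {s for name, p in profiles.items() if name != system for s in p}
    counts = Counter(map(structure, messages))
    findings = []
    for s, n in counts.items():
        if s in own:
            if n > spike_factor * max(own[s]):
                findings.append(("Frequency spike", s))
        elif s in elsewhere:
            findings.append(("New in system", s))
        else:
            findings.append(("Never before seen", s))
    findings += [("Event stop", s) for s, h in own.items()
                 if min(h) > 0 and s not in counts]
    return sorted(findings)

# Constructed sample logs, not real Unomaly data.
BASELINE = [
    {"web1": ["GET /health 200", "session 4411 opened for 10.0.0.5"],
     "db1": ["checkpoint complete in 12 ms", "replication lag 3 ms"]},
    {"web1": ["GET /health 200", "session 4412 opened for 10.0.0.9"],
     "db1": ["checkpoint complete in 15 ms"]},
]
CURRENT = ["session 4413 opened for 10.0.0.7"] * 6 + [
    "replication lag 40 ms", "segfault at 0x7f3a in worker 9"]

if __name__ == "__main__":
    print(detect(build_profiles(BASELINE), "web1", CURRENT))
```

In this constructed data the missing health check on web1 surfaces as an event stop, while the replication message, already known on db1, is reported as new in system rather than never before seen.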

Systems can be organized into groups. Grouping systems gives you an overview of your data for related systems and lets you work across systems. Read more about how to “Organize systems into groups”.

Comments and collaboration

As you review anomalies and alerts in the user interface, you can collaborate with colleagues to share discoveries or investigate and resolve issues faster. The simplest way to involve another member of your team is to add a comment to a situation. When you mention a colleague, they will be notified about the situation and comment. Read more about how to comment and share discoveries while Investigating situations and Investigating anomalies.

Creating known events

For anomalies that you want to track specifically, you can create a Known. Knowns use simple pattern matching objects with your information to detect repeating issues. When you create a known, you add descriptions and tags to the event to explain what the event means and how to resolve it. Read more about how to “Define knowns to highlight log events”.

Actions and notifications

Actions let you define how Unomaly responds to triggers and conditions in systems and situations. When one of your systems goes offline or when the production environment produces significant anomalies, you want Unomaly to take action. This action can be to send an email to a specific user, to post to a team chat room, or to flag the event for you to review later. Read more about how to “Configure actions and notifications”.

You can add a custom action to post to external solutions, such as a team chat room. Unomaly provides integrations to common solutions (such as Slack, HipChat, and Microsoft Teams) which you can install and configure to use with actions. See Unomaly Plugins and Integrations.

Unomaly guides

Here you will find guides to help you get started using Unomaly and become a more advanced user. You will also find best practices for using and administrating Unomaly.