Investigate anomalies

An anomalous event is any event that doesn’t match the historic pattern of events from the source (system) of the data. On the Anomalies page, you can use the search bar, conditional filters, time range selector, or the graph to narrow the list down to specific anomalous events.

Anomaly types

Unomaly detects anomalies based on the structure of the log events that it parses, and on frequency changes or stops in periodic log events. The following table describes the types of anomalies that Unomaly detects.

| Anomaly Type | Description |
| --- | --- |
| Never before seen | Events that are new in the entire IT environment that Unomaly is monitoring. |
| New in system | Events that are new in a system but may have occurred in other systems. |
| Parameter change | Events that match previously detected anomalies but have different parameter values. |
| System away | Events indicating that Unomaly has not received data from the system for a certain amount of time. |
| Frequency spike | Anomalies where an event is produced at a significantly greater rate than previously seen. |
| Event stop | Anomalies where a periodic log event (that is, an event that was seen regularly) is no longer produced. |
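
The three structure-based types in the table differ only in where and when the event structure was seen before, which the following Python example makes concrete. It is an added example, not Unomaly's own code or algorithm. The parameter regex, the StructureTracker class, the system names and the log lines are constructed assumptions, and the frequency-based types (frequency spike, event stop, system away) are left out.

```python
import re
from collections import defaultdict

# Assumption: numbers and dotted numbers (IPs, ports, PIDs) are the parameters;
# everything else in the line is the event structure.
PARAM = re.compile(r"\b\d+(?:\.\d+)*\b")

def split_event(line):
    """Return (template, params) for one log line."""
    return PARAM.sub("<*>", line), tuple(PARAM.findall(line))

class StructureTracker:  # hypothetical name, for illustration only
    def __init__(self):
        self.baseline = defaultdict(set)  # system -> templates learned as normal
        self.flagged = defaultdict(set)   # template -> parameter sets already reported

    def learn(self, system, line):
        self.baseline[system].add(split_event(line)[0])

    def classify(self, system, line):
        template, params = split_event(line)
        if template in self.baseline[system]:
            return None                    # matches this system's history
        reported = self.flagged[template]
        if reported:                       # structure was reported as an anomaly before
            if params in reported:
                return None                # another occurrence of the same anomaly
            reported.add(params)
            return "Parameter change"
        reported.add(params)
        if any(template in known for known in self.baseline.values()):
            return "New in system"
        return "Never before seen"

def demo():
    t = StructureTracker()
    # Constructed training data
    t.learn("web01", "Accepted publickey for deploy from 10.0.0.5 port 50122")
    t.learn("db01", "checkpoint complete: wrote 381 buffers")
    # Constructed incoming events
    incoming = [
        ("web01", "Accepted publickey for deploy from 10.0.0.9 port 50200"),
        ("db01", "Accepted publickey for deploy from 10.0.0.5 port 50122"),
        ("web01", "Out of memory: killed process 4312"),
        ("web01", "Out of memory: killed process 5120"),
        ("web01", "Out of memory: killed process 5120"),
    ]
    return [t.classify(system, line) for system, line in incoming]

if __name__ == "__main__":
    print(demo())
```

The first event is normal for web01 because only its parameter values differ from the learned structure, while the same structure arriving on db01 is new in that system.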

Investigating with the graph and time range

The timeline on the Anomalies page depicts the total volume of data that Unomaly analyzed in the time range of the graph. As you hover over individual sections of the bars, you can see how many events and which frequency of events they correspond to. The graph remains visible as you scroll down through the list of situations, but you can hide it by clicking "Collapse".

Adjusting the time span

You can lengthen or shorten the span of the graph by using the dropdown to select from presets, which include last day, last week, and last month, or by using the custom option to specify a time range.

Jumping back and forward in time

The arrows to the left and right of the graph are buttons that let you jump backwards and forwards in the graph while preserving the selected interval. If you are looking at the last day and click the arrow to the left of the graph, it takes you to the previous day.

Zooming in and out on selected time periods

Making a selection in the graph dynamically applies a filter for the situations and events that happened in that specific time frame. When you make a selection, a zoom button appears above the graph that lets you zoom in on that specific part of the graph.

Expanding and reviewing individual anomalies

Click on the anomaly to expand the line and display the full event with a summary of “Event details”, such as:

  • The timestamp that the event was First seen.
  • The timestamp that the event was Last seen.
  • The count of Occurrences, or number of times the event has been seen.
  • If the event was seen on multiple systems, you will also see a list of the systems.
  • For frequency anomalies, you will see a snapshot of the event rate.

Event menu

To the right of each event is an event menu with the following options:

  • “Copy log text” to copy the full log message to your clipboard, so that you can search for it or investigate it outside of Unomaly.
  • “Copy link” to copy a dedicated link to the anomaly to your clipboard, which you can share with your colleagues.
  • “Add known…” to open the knowns creation window.
  • “System profile…” to open the system profile and settings window.