3.4 Release notes

The current release is Unomaly version 3.4.7.

What's new in this release?

Unomaly 3.4 was released on May 22, 2019. Last updated on July 4, 2019.

Find documentation for older releases in "Older versions".

Explore Workflows in your data

This release brings you Workflows, a new page where you can explore log events that frequently happen in a sequence. These sequences may help you to understand what your systems are regularly doing and give more context to investigate anomalies.

To access the Workflows page, enable the feature in Settings > Experimental. See more in "Exploring system activities".

Compare profiles between systems

Compare systems allows users to visually compare the profiles between two systems, A (purple) and B (green).

Check the boxes or click the parts of the Venn diagram to select the different combinations to show. The default result set is the union of the log events happening on A and B. You can also use free text search and select different time ranges to narrow the result set further. See more in "Exploring system activities".

Exclude for all filtering options

This release expands the capabilities of exclude filtering to all filtering option types (in 3.3.7, exclude was only available for systems). This means that when you select "exclude" from the filtering options on Situations, Anomalies, and Event profiles, you can then apply it to the relevant filters for the page. See more in "Filter and create views to save workflows".

Reducing noise and miscalculated anomalies

Because the tokenizer is aggressive in splitting the types of log events, it may produce a large number of tokens. This means that for certain types of environments, Unomaly can be slow to merge event types into profiles during learning. In this release, you can adjust the sensitivity for merging similar events by choosing from thresholds: Low, Medium, or High in Settings > General > Sensitivity.

Sensitivity allows you to set the speed at which Unomaly merges log events with different parameters to learn the normal behavior of your systems. By lowering the sensitivity of Unomaly’s learning algorithm, Unomaly will learn normal behavior faster and produce fewer parameter anomalies. Recognizing similar log events faster will result in fewer misclassified anomalies but may reduce the number of parameter anomalies that are detected.

Improve tokenization with transforms

In some cases log events are complex and our algorithm could use some human assistance to make sense of them. With transforms, which are rules for merging multiple tokens, you can help the algorithm decide what is a parameter and what is not. In this release, you are able to define multiple tokens per log event to reduce noise even further, giving you additional control over how Unomaly learns and detects changes throughout your environment. (This differs from adjusting your sensitivity threshold, which is algorithmically determined.)

Transforms only apply to anomalous events and you can define them in the Situations and Anomalies pages. See Experimental transforms.

System settings and profiles

System components have a different look in this release. Systems in lists are represented by dark grey boxes when they are active. If you select to show disabled systems in the lists, they will appear as light grey split boxes.

Also, hovering over a system will display the system menu.

  • Add to Search to add the selected system to current search parameters.
  • View Profiles to see the event profiles for the selected system. This action will take you to the Explore > Event profiles page.
  • Edit... to edit the settings for the selected system.

Important changes to network settings

We made the following changes to the network and communication settings in Unomaly:

  • The internal firewall (ufw) has been disabled. We recommend that you protect your instances with an external firewall from now on.
  • The internal proxy running on the Unomaly instance has moved into a container. To configure a custom client certificate for your instance, follow the steps in this article "Using a custom web server certificate" in the Unomaly Knowledgebase.

Open ports on a Unomaly installation

Protocol/Port    Service
TCP/514          Syslog
TCP/5514         Syslog-forwarder
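
With the host firewall disabled, any listener bound to a non-loopback address is reachable unless an external firewall blocks it. The following is an added example, not part of the Unomaly documentation or product, that filters `ss -Htln` output for listeners outside the two ports listed above; the `ALLOWED` variable, the function names and the sample input are constructed for illustration, and any other port your deployment legitimately exposes must be added to the allowlist.

```shell
#!/bin/sh
# Added example: list TCP listeners that are reachable from the network and
# are not on the documented port list. Not part of Unomaly.

# Only the two ports this page lists; extend for your deployment (assumption).
ALLOWED="514 5514"

# Constructed sample in `ss -Htln` layout:
#   State Recv-Q Send-Q Local-Address:Port Peer-Address:Port
# These lines are illustrative and were not captured from a Unomaly instance.
sample_ss_output() {
    cat <<'EOF'
LISTEN 0 128 0.0.0.0:514 0.0.0.0:*
LISTEN 0 128 0.0.0.0:5514 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 128 [::]:8080 [::]:*
LISTEN 0 128 [::1]:6379 [::]:*
EOF
}

# Reads ss lines on stdin; $1 is a space-separated list of allowed ports.
# Prints "address port" for each non-loopback listener not in the list.
unexpected_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        {
            local_addr = $4                       # Local-Address:Port column
            port = local_addr
            sub(/.*:/, "", port)                  # keep text after the last colon
            addr = substr(local_addr, 1, length(local_addr) - length(port) - 1)
            # Loopback-only listeners are not exposed to the network.
            if (addr ~ /^127\./ || addr == "[::1]" || addr == "::1") next
            if (!(port in ok)) print addr, port
        }'
}

# Offline demo on the sample.
# Live use on a host: ss -Htln | unexpected_listeners "$ALLOWED"
sample_ss_output | unexpected_listeners "$ALLOWED"
```

Each line printed is a port that the external firewall has to block, or that belongs on the allowlist if the exposure is intended.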


These are the fixes and updates to Unomaly 3.4 versions.


July 3, 2019

Unomaly 3.4.8 includes the following changes:

  • Added techgrabber wrapper command to gather and send diagnostic data.
  • Added missing database index which caused performance issues.
  • Disabled sidebar resizing in the UI.


June 26, 2019

Unomaly 3.4.7 includes the following changes:

  • Removed syslog forwarding configuration from the console menu.
  • Fixed error where hostlookup script was unable to connect to the database.
  • Moved updating the license from the console to the UI.
  • Fixed a bug where, after visiting from a situation shared outside of Unomaly, the anomaly listing sometimes incorrectly listed situations.
  • Fixed an issue with the batch ingestion endpoint.


June 19, 2019

Unomaly 3.4.6 includes the following changes:

  • Added license update functionality into the Settings > License page in the UI.
  • Fixed an issue where upgrading a distributed setup could fail when trying to list the workers.
  • Passwords that are entered by users are no longer mailed back.


June 13, 2019

Unomaly 3.4.5 includes the following changes:

  • Fixed issue when downloading an upgrade could cause a connection aborted error.
  • Fixed issue where a fresh installation can fail because of an invalid version.
  • Fixed issue where the console setup could not read the license IP.


June 12, 2019

Unomaly 3.4.4 includes the following changes:

  • Added a page to list existing Transforms, which users can access using the top-right menu. When creating transforms, you can name the transform and add a description. The order in which you choose anchors and merge points when creating transforms has been swapped. See "Experimental transforms".
  • Ingestion API now validates log messages sent to it via the HTTP API. Invalid messages will be rejected with HTTP 400 and will not be analyzed by Unomaly. Customers using the Unomaly plugins for Logstash and Fluentd to forward logs to Unomaly are required to update these plugins. The version to use for the Unomaly Logstash plugin is 0.1.4 and the version to use for the Unomaly Fluentd plugin is 0.1.8. See Unomaly plugin for Logstash and Unomaly plugin for Fluentd.

Additional changes:

  • Fixed issue where user plugins couldn't be tested.
  • Fail installation when upgrading from an unsupported older version.
  • Old license versions containing static IP information will pass validation even if they do not match the host IP.
  • It is now visualized whether anomalies were affected by transforms.
  • Fixed a problem ingesting syslog messages via UDP.
  • Layout fix on Workflows page in Firefox.
  • LDAP authentication: added configuration tip to default role field.
  • Selecting text on an anomaly/situation list would expand/collapse the row, which caused unpredictable behaviour. Added a check so that rows do not expand/collapse when text was selected.


June 5, 2019

Unomaly 3.4.3 includes the following changes:

  • Fixed issue where removing temporary systemd units could fail.
  • Updated system components and system menu to add the system to current search parameters.
  • Disabled the internal firewall (ufw).
  • Fixed bug preventing backup restore from working.
  • Fixed issue where credentials were shown in clear-text for LDAP authentication when using tracing.
  • Fixed issues with usernames having duplicated domain in web interface for LDAP accounts.
  • Limit the maximum number of workflows to 100 for the workflow view.
  • Removed showing knowns from the workflow page due to performance reasons.
  • Added new diagnose service for creating techdumps.


May 22, 2019

Unomaly 3.4 includes the following changes:

  • Filtering conditions now persist when you switch between pages that have the filter bar (Situations, Anomalies, and Event profiles).
  • The syslog-ng config has moved inside the container it's running from. Changing the configuration now requires you to edit the files in the volume instead of on the host.
  • Added a database migration that adds a column for the future system compare feature.
  • Abbreviated the occurrence count of profiles in the Event profiles page because they were sometimes cut off.
  • Fixed handling of feature toggles so that the setting in the UI correctly overrides manual settings in the .env files.
  • Prep work to allow transforms to be applied multiple times to the same log event.
  • Changed LDAP to reduce noise in the logs.