Unomaly core concepts

Unomaly is a software product that automatically analyzes log data from software systems and detects anomalies in their data. This topic introduces core concepts for using Unomaly.

Systems

All data that enters Unomaly is tied to an originating source, referred to as a system. A system may be a server, a container, or an application. You can configure systems to send their data to Unomaly using log shippers, standard data protocols such as syslog, or one of our pre-built integrations that collect data from other technologies. Read more about "How to send data to Unomaly".

Each system has a system profile in Unomaly. The system profile is a collection of the different types of events that the system generates under normal operating conditions. The events are organized by their frequency. The system profile is created during training for the system and continuously updated as the system receives more data. Read more about "How Unomaly detects anomalies".

Systems can be organized into groups. Grouping systems gives you an overview of your data for related systems and lets you monitor and investigate across systems. Read more about how to "Manage systems and groups".

Anomalies

Anomalies are the changes in your log data that fall outside of the normal patterns identified by Unomaly. Unomaly detects anomalies based on the structure of the log events that it parses, and on frequency changes or stops of periodic log events. Read more about "How Unomaly detects anomalies" and how to "Investigate Anomalies".

Situations

Unomaly clusters anomalies that occurred within a rolling time period on a single system into a situation. Each situation has a score to indicate the type of anomaly that is most significant in the situation. Read more about how to "Investigate Situations".

Knowns

If Unomaly repeatedly sees a log event, the log event becomes part of the learned events for a system and will no longer be highlighted by Unomaly. In cases where the log event is important enough to track and keep highlighting, you can create a known for the log event. Creating a known means that you add contextual information, such as descriptions and tags, to explain what the event means and how to resolve it. You can:

  • Specify how you want Unomaly to treat the event, such as whether or not to add it to a situation and assign it a score.
  • Filter on knowns and define actions to notify you when Unomaly detects the event.

Read more about how to "Define knowns to highlight log events".

Actions

Actions let you define how Unomaly responds to triggers and conditions in systems and situations. When one of your systems goes offline or when the production environment produces significant anomalies, you want Unomaly to take action. This action can be to send an email to a specific user, to post to a team chat room, or to flag the event for you to review later. Read more about how to "Configure actions and notifications".

You can add a custom action to post to external solutions, such as a team chat room. Unomaly provides integrations and plugins to common solutions, such as Slack, HipChat, and Microsoft Teams, which you can install and configure to use with actions. See Unomaly Integrations and Plugins.