Skip to Content

Managing alerts for anomaly detection

You can use the Alert Rule Editor option to attach alert rules to a metric in a category for anomaly detection. The alert rules that you attach to a metric apply to the latest data during the nightly process to trigger alerts if exceptions are detected. Alerts are triggered based on the statistical banding or constant values that you have selected.

For more information about banding, see Using-the-Banding-and-the-Min-Max-options.

You can also attach the alert rules by using the Alert Rule option in a chart legend. For more information, see Working-with-chart-options.

Related topics

Working-with-filters

Using-Filter-Actions

Managing-report-views

Working-with-workflows

Overview of Alert Rule Editor

On a report view, click Alert Rule Editor.

image-2024-11-13_18-19-47.png

The Attach Alert rule dialog box is displayed. 

image-2024-11-13_18-9-27.png

In the Attach Alert Rule dialog box, you can:

  • Use a product-provided alert rule that is attached to a metric in a category for a particular view
  • Use an existing rule attached by you to a metric. They are displayed under Select an existing alert rule to apply.

If a rule is attached to a metric in the current category, an APPLIED badge is displayed next to the metric name, and the selected rule is highlighted in gray under Select an existing rule to applyIf a rule applied to a metric was deleted or is no longer available, the APPLIED badge changes to WARNING. The tooltip also indicates that the rule is no longer available. 

To attach a new alert rule to a metric, see To create an alert rule.

Warning

Important

Both product-provided and user-created rules are displayed under Select an existing rule to apply.

The alert rules include a short description of the alert rule and the following alert criteria:

  • Intervals
  • Warning 
  • Error
  • Severe

You can perform the following actions with the product-provided alert rules:

Purpose

Action

Clone a product-provided alert rule

Clickimage2022-11-7_19-31-39.png.

The clone option is available for product-provided and user-created alert rule.

Browse a product-provided alert rule

Clickimage2022-11-7_19-36-20.png.

Attach a product-provided alert rule

Select the alert rule and click Apply.

Edit a user-created alert rule

Click image2022-12-3_18-38-36.png.

The edit option is available only for user-created alert rule.

Delete an alert rule

Clickimage2022-12-8_13-2-27.png.

The delete option is available only for user-created alert rule.

Error
Warning

All product administrators and content creators can use the alert rules in a workflow.

So, be cautious when deleting an alert rule, as it may impact existing workflows.

View alert type

Constant alert tagimage-2024-11-13_18-59-15.png 

Statistical alert tagimage-2024-11-13_19-1-13.png

Warning

Important

  • You cannot edit a product-provided alert rule.
  • All alert rules for a particular metric and category are displayed. When you select an alert rule from the displayed list, it is highlighted in gray. 

To create an alert rule

  1. On the Filter bar, click Alert Rule Editor.

  2. In the Attach Alert Rule dialog box, click Create a new alert rule.
    The Create/Modify Alert Rule dialog box is displayed.
    image-2023-4-28_18-38-42.png
    The features in this dialog box are as follows:

    Field

    Description

    View

    View to which to add the alert rules.

    Category

    Category to which the alert rule will apply

    Metric

    Metric in the category to which the alert rule will apply

    For more information about metrics, see Working-with-reporting-categories.

    Alert Rule Name

    (Required) Name of the alert

    Warning

    Important

    The alert name must be unique per category and metric.

    Alert Rule Description

    (Optional) Description of the alert rule

    Alert Detection Window

    Number of intervals for an alert detection window.

    An alert detection window is a specified period starting when the first exception is recorded.

    If the number of exceptions recorded in an alert detection window exceeds the values that you have defined for the Warning, Error, or Severe alerts in the alert rule, then an alert is triggered. The respective severity counts for Warning, Error, or Severe alerts are then incremented. The alert detection window then moves to the very first exception outside the alert detection window and repeats the action.

    If no alert is triggered within the alert detection window, then the alert detection looks for the next exception within the current alert detection window and repeats the action.

    If exceptions occur but the count does not reach the warning, error, or severe level, a No Alert window is displayed. This helps visualize the number of potential occurrences and set more appropriate alert counts.

    Alert Count within Detection Window

    Minimum number of alert counts that can occur within the detection window.

    Use image2022-11-7_20-9-15.pngto enable or disable the alerts. Disabling an alert type prevents that alert type from being recorded. If you disable an alert, the Attach Alert Rule dialog box displays the alert as disabled in the Attach Alert Rule dialog box.

    Set alert counts for the following alerts:

    • Warning
      For example, If you have selected 2 as the number of exceptions in an alert detection window that will trigger a Warning alert, there must be between 2 and three exceptions in that window to trigger a Warning alert. 
    • Error
      For example, If you have selected 4 as the number of exceptions in an alert detection window that will trigger an Error alert, there must be between four and six exceptions in that window to trigger an Error alert. 
    • Severe
      For example, if you have selected 7 as the number of exceptions in an alert detection window that will trigger a Severe alert, there must be seven or more exceptions to trigger a Severe alert.

    The values have to be outside the statistical band or constant value for a given metric to be considered as an exception. 

    Alert Detection Advanced Options

    Number of days to be inspected for alerts going back from the last available date in the selected reporting time span (static or dynamic).

    image-2024-11-15_11-26-49.png

    You can also enable or disable the upper and lower limit of the exception checks within the time span. Disabling the upper limit causes the analysis to ignore exceptions that exceed the upper statistical band or constant threshold value. Disabling the lower limit causes the analysis to ignore exceptions that are below the lower statistical band or constant threshold value.

    For some metrics, the lower limit can be ignored, and for some the upper limit can be ignored.

    In the Exception Thresholds section, use image2022-11-4_17-35-7.pngto enable or disable the upper and lower thresholds of the time span.

    In the Exception Threshold Type section, select one of the following options:

    • Statistical Thresholds: Uses the historical data to generate alerts. The upper and lower thresholds limits are based on the upper and lower statistical boundaries for a given metric and object in the Banding option. The chart highlights the alerts, with the banding area defining the upper and lower thresholds. 

      For more information, see Using-the-Banding-and-the-Min-Max-options.

      Warning

      Important

      Make sure that at least one of the exception thresholds is enabled. 

    • Constant Thresholds: Uses the user-defined upper and lower threshold limits to generate alerts.
      Enter the upper and lower thresholds. The chart highlights the alerts, and the upper and lower thresholds are defined by dashed lines.
    Success

    Tip

    The upper and lower thresholds (enabled or disabled) in the Exception Threshold Type section depends on the status of the Exception Thresholds section.

    For example, if only upper threshold option is enabled in the Exception Thresholds section, then only the upper threshold is enabled in the Exception Threshold Type section.

    Learn more about Alert Detection

    Alert detection logic

    It displays a detailed description of the alert.

    image2022-12-2_18-54-53.png

    Apply an alert rule

    In the Attach Alert Rule pane, click on the alert that you want to attach to a metric, and then click Apply.

    The data is re-queried. This time it also includes the information about the alert. The Alert Preview pane displays the number of alerts based on the alert types. 

    You can also display the Alert Preview by selecting Run Query with Alerts or Run Query With Alerts For All Categories, in Run Query option. The alert rules that you apply are evaluated during the nightly process and any alerts triggered by those alert rules are made available in the dashboard alert summary.

    image-2024-11-15_18-45-36.png

    For more information on Dashboard Alert Summary, see Viewing-an-alert-summary.

To see alerts on a chart

When you apply an Alert Rule or select one of the Run Query with Alerts options, each metric and each object in the chart legend is augmented with:

  • An icon indicating the highest level of alert
  • An Alert Window option that indicates the number of alert windows and displays these windows on the chart.

image-2024-11-15_18-52-36.png

To display all the alert windows on a chart for a metric or for a specific object, click the corresponding Alert Window option. 

The Alert Windows option on the metric level displays all alert windows associated with objects of that metric.

The Alert Windows option on the object level displays alert windows of which this object was a part and shows the available statistical band, minimum and maximum, or upper and lower threshold limit.

If the objects are stacked, the Banding and Min/Max options are not available. The Alert Windows option at the object level highlights the object instead.image-2024-6-18_18-53-46.png

To show the list of Alert Windows for a particular object, click on the arrow next to the object in the legend. 

image2022-12-5_11-6-48.png

Warning

Important

A No Alert window indicates that there is at least one exception, but the total number of exceptions are below any Warning, Error, or Severe limit.

To customize product-provided alert rules

Product-provided alert rules have default parameters values, which you cannot change. To make the alert rules relevant to your business, you can clone a product-provided alert rule, change its parameters, and then apply it.

You can modify the following parameters in an alert rule:

  • Alert Detection window (in hours)
    A window in which the number of points that are outside of statistical bounds (called exceptions) is counted to compare with warning, error, and severe alert limits.

  • Warning, Error, and Severe Alert Limits

    Warning

    Important

    When adjusting Warning, Error, and Severe Alert limits, be aware that the exceptions for different objects in the same window are added together. The higher the number of the objects (represented by <N>), the higher the potential exception count.

  • Disable upper or lower exception threshold boundary
  • Select the number of days to check for alerts (from the last day on a View)
    For example, if a workflow shows data for the last 10 days, it might not be relevant to display alerts for all 10 days, because most of them were already viewed earlier. However, it might be relevant to show alerts for the last three days, so that when you look at the workflow results on a Monday morning, the alerts for Friday, Saturday, and Sunday are displayed.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC AMI Capacity Reporting 25.1