This documentation supports an earlier version of BMC Helix Operations Management.To view the documentation for the latest version, select 23.2 from the Product version picker.

Detecting anomalies by using static and dynamic thresholds

Anomalies are observations that diverge from a well-structured data pattern or an irregular spike in the time-series data or unclassifiable data points within a specific data set. An anomaly could occur independently or due to a combination of factors. For example, the combination of slow response time and high memory utilization together may impact the expected system behavior. 

As an administrator, create alarm and variate policies to help you monitor and manage the health of your system and detect anomalies. These policies can also help you detect abnormal behavior in your monitoring data more accurately by reducing:

  • False positives: Scenarios where an alarm is raised even though the system exhibits normal behavior. 
  • False negatives: Scenarios where the product failed to raise an alarm despite the occurrence of an abnormal metric condition.

Alarm policies use a combination of static and baseline thresholds, and variate policies use dynamic thresholds. In the monitoring world, a threshold is a defined value that determines whether a monitored metric, such as CPU utilization or memory usage, is above, below, or within a normal range in your infrastructure environment.


Alarm policies

Alarm policies use a combination of static and baseline thresholds to detect anomalies. The following table lists a few example scenarios for alarm policies:


Variate policies

As an administrator, create variate policies to receive event notifications. Variate policies use dynamic thresholds. Use these policies when you want to be alerted for metric anomalies where the threshold limits keep changing over time. The following table provides a few example scenarios for variate policies.