Autoanomalies

Anomalies are observations that diverge from a well-structured data pattern. Autoanomalies are generated by the system automatically when a metric violates the baseline and metric deviation (in sigma) values for a specific duration.

The following video (2:35) provides an overview of automatic anomaly detection in BMC Helix Operations Management.

icon-play@2x.pngWatch the YouTube video about the Overview of automatic anomaly detection in BMC Helix Operations Management

Related topics

Configuring-autoanomaly-event-generation

Variate-Policies

Viewing-anomaly-events

Configuring-alarm-policies


The following image illustrates the benefits of enabling automatic anomaly detection versus disabling it:

Auto anomaly on versus off.png


Important

  • If you have deployed BMC Helix Operations Management on premises, the auto anomaly feature is disabled by default. Before you enable the feature, review the sizing guidelines. and set the AUTOANAMOLY parameter to yes in the configuration file.

  • Event policies do not apply to anomaly events. Anomaly events generated by using autoanomalies cannot be updated by using event policies or the Events page.
  • You cannot delete closed autoanomaly events by using both the UI and API.
Scenario

Sarah is an administrator at Apex Global. She manually configures anomaly detection for each metric that violates the baseline, which is time-consuming. She wants to be notified about anomaly events automatically, with fewer manual configurations when, for example, the CPU utilization of a Linux host violates the metric baseline and deviation values continuously for 10 minutes.

Can Sarah achieve this goal?
Yes! Sarah can manage anomaly event generation on the Manage Auto Anomaly Event Generation page in BMC Helix Operations Managementwith fewer clicks.

With this feature, she can also achieve better event noise reduction and improve the mean time to resolve (MTTR).




                             




Benefits of auto anomaly event generation.png



As an administrator, configure the system to automatically generate anomaly events with a specific severity when a metric violates the baseline and breaches a deviation value in sigma. The system calculates a metric's baseline based on the historical data collected over time.

Configure automatic anomaly event generation for key performance indicators (KPIs) or all performance metrics with fewer manual configurations. Performance metrics monitor the health and performance of a specific device or service.

Performance metrics are a superset that consists of both KPI and non-KPI metrics. For example, the Idle Time (%) of a CPU is a performance metric, and KPI: Utilization (%) of a CPU is a KPI metric.

Metrics are marked as KPIs at the monitoring solutions or Knowledge Module (KM) levels. To learn more about performance and KPI metrics, seeMonitoring solutions in BMC Helix Operations Management.


How does the system detect an anomaly

BMC Helix Operations Management collects the values for a monitor's attributes and performance metrics over a specific time. The system calculates a low and high baseline value for a metric based on historical data. Baseline calculation begins after six hours of aggregate data is available for a metric.



How does the system detect an anomaly.png


The system generates anomaly events automatically after a specific duration lapse for the following violations:

  • Baseline violation
  • Deviation violation

To learn about how sigma deviation works, see Variate-Policies. The anomaly event is automatically closed when the metric value returns to a normal state.

In the following example, the system generates an anomaly event only when the Traffic_out metric in a network violates the following parameters:

  • Metric baseline (High baseline: 14663.847)
  • Sigma (3)
    The system waits until the metric deviates for 3 sigma before it generates the anomaly.
  • Duration (6 minutes)
    The system waits for 6 minutes before it generates the anomaly.

The system automatically closes the anomaly event when the CPU utilization returns to a normal state.

BitPerSecond anomaly event open.png

BitPerSecond anomaly event close.png

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*