Anomaly event class

 an_additional_values

Additional Values

List of strings

Additional values.

No

an_algorithm_name

Algorithm Name

String

Anomaly algorithm.

Random Cut Forest.

No

an_analysis_type

Variate Type

String

Type of variate policy.

Multivariate.

No

an_anomaly_id

Anomaly Id

String

Unique Anomaly ID.

System-generated hexadecimal value. For example, ec20943f-0364-4622-9abc-6869fea51ead

No

an_attribution_metrics

Attribution Metric Ids

List of strings

Identifier for each metric in the variate policy.

A combination of metric name, entity ID, Object ID, Object Class, and host details. System-generated. For example, __name__=vmUsed,entityId=a4c0e83f-ac6f-497b-86cd-c646b90d7f89:NUK_Memory:
NUK_Memory,hostname=ai-ml-host94.abc.com

For a multivariate, it is a comma-separated list. The scores are listed based on highest contributing metric on top to the lowest contributing metric at the bottom.

No

an_attribution_score

List of strings

Contribution of one or multiple metrics to the overall anomaly score calculation.

For a multivariate, it is a comma-separated list. The scores are listed based on the highest contributing metric on top to the lowest contributing metric at the bottom.

No

an_end_time

Anomaly End Time

Long (Epoch)

Anomaly status change time. It is an epoch time. For example, 4294967295000 (2020/09/22 10:40:52 A.M.)

Yes

an_highest_severity

Highest Severity

Enum

Ordinal point of highest severity for a given metric.

For example, 70 (could be equal to CRITICAL severity when translated).

Yes

an_kpi_group_id

Variate Policy Id

String

Unique policy identifier. It is a hexadecimal value.

For example, 1a18513b-b2c6-41ab-a437-77265f740acd

No

an_kpi_group_name

Variate Policy Name

String

User-defined name of the variate policy.

No

an_mean

Mean

String

Mean distribution score of the contributing metrics. It is a decimal value.

For example, 0.9555227578206286.

No

an_minmax_score

Min-Max Score

String

Min-Max normalization score. It is a decimal value.

For example, 12.023813718063897.

No

an_old_severity

Old Severity

Enum

Ordinal point of the previous severity before the latest severity change.

Yes

an_parameter_name

Metric Name

String

Name of the selected metric.

Yes

an_parameter_threshold

Variate Threshold

String

Variate threshold value. It is a decimal value.

For example, 3.638181541480837.

No

an_parameter_value

Metric Value

String

Metric value.

No

an_pts_exceeded

Data Points Exceeded

Integer

The number of data points that exceeded the deviation range within the sample.

No

an_pts_total

Total Data Points

Integer

Total number of such data points in the system.

No

an_score 

Anomaly Score

String

Anomaly score value. The sum of all contributions from all attribution scores. See Attribution Score above.

It is a decimal value. For example, 4.331904.

No

an_sensitivity

Sensitivity

String

Sensitivity value.

This is the same as the Variability Range in Anomaly Score Settings for a particular severity configured in the variate policy. By default, it is 1.0 for Minor, 2.0 for Major, and 3.5 for Critical.

No

an_standard_deviation

Standard Deviation

String

Standard deviation calculation.

No

an_sustain_duration

Anomaly Duration

Integer

Persistence or waiting time in minutes before an anomaly event is generated. The event is generated only if the anomaly persists for this duration.

This is same as the Anomaly Duration in Anomaly Event Settings configured in the variate policy. For example, 0, 5, 10, or 15.

No

object

Object

String

Subcomponent of the host with which the event is related.

For example, it could be the name of the disk on which the event is reporting the problem.

No

object_class

Object Class

String

Object class identifier. If the object class cannot be derived from the original event, it must be filled in during the event enrichment.

No

oject_id

Object ID

String

It is a combination of Agent UID, Monitor type, and Instance name.

No