Drill Into an Anomaly

  • In Alert & Respond > Anomaly Detection, view the Anomalies tab.
  • Double-click an anomaly to open the detailed view.

Initially, the page describes everything that is occurring during the anomaly's Start Time. To review how things change later in the anomaly's lifecycle, click events further along its timeline.

Examine the Anomaly Description

The anomaly description describes the anomaly in relation to an entity: business transaction, database, base page experience, or network request. It describes the severity level of the selected state transition event of the anomaly, and the top deviating metrics related to the entity.

In this example, let's analyze the following:

  • Business Transaction: /web-api/getDepositSummary
  • Severity Level: Critical
  • Top Deviating Metrics: Average Response Time

The deviating metric is Average Response Time indicating that checkout responding slowly is the problem.

Examine the Timeline

The timeline visually represents the different stages an anomaly passes through, starting from its initial detection and continuing until it is resolved. Periods when the data is actively analyzed to detect anomalies are highlighted in grey, indicating the evaluation window. The evaluation time period is the duration in which the data is analyzed to detect the anomaly. By using this timeline, you can pinpoint the precise moment when the anomaly began. Specific markers on the timeline indicate each time the anomaly transitions between states, such as moving from Warning to Critical, helping you track the progression of the issue in detail.

For example, the timeline begins in the Critical state, followed 35 minutes later by a transition to the Warning state, which lasts only 10 minutes.

By contrast, patterns that appear in more complicated timelines may help you to understand anomalies. For example, this timeline from a different anomaly repeatedly toggles from a brief Warning state to a longer Critical state:

In this case, you should examine several state change events to determine what clues toggling between states offers about problems in your application.

Examine the Flow Map

The example flow map contains:

  • The START label shows that the Business Transaction begins with the web-api tier.
  • Between the web-api tier and its numerous dependencies, there are the red tiers where the system has found suspected causes.

You can now focus on the red tiers that contain the root cause of the anomaly.

Examine the Top Suspected Causes

The Suspected root causes tab displays the likely root causes of a performance problem associated with a business transaction and a database. You can can traverse up to the following entities in the call paths to find the root cause of the anomaly:

  • services such as payment service, order service

  • backend such as database backend, HTTP backend

  • cross-applications

  • Infra machine entity-server

Warning: Currently, the Top Suspected Causes feature is not available for base page experience, databases, and network request issues.

In the example, we want to know why the business transaction /web-api/getDepositSummary is throwing an error. From Summary| AI-generated, you get a brief description of the issue such as the affected business transaction, start and end time of the anomaly, anomaly states such critical, warning, and the deviating metric details. AppDynamics SaaS uses AI to correlate all the metrics associated with an anomaly and generates the summary. This comprehensive summary help you to understand the issue better.

Note: The AI-generated summaries are only available for anomalies related to business transactions and databases.