Install and Configure Anomaly Detection

Anomaly Detection must be enabled after you install the Anomaly Detection Service. Enabling Anomaly Detection also enables Automated Root Cause Analysis.

Enable Anomaly Detection

After you install the Anomaly Detection Service, you must enable Anomaly Detection separately for each application.

  1. In Alert & Respond > Anomaly Detection, select one of the following applications from the dropdown:
    • Applications
    • User Experience: Browser Apps
    • User Experience: Mobile Apps
  2. Toggle Anomaly Detection ON.
    After you enable Anomaly Detection, it takes 48 hours for Anomaly Detection and Automated Root Cause Analysis to become available. During that time, the machine learning models train on your applications.
  3. Select Alert & Respond > Anomaly Detection > Model Training to view the training status for your application servers, business transactions, base pages, and network requests as applicable.

The following table explains the training statuses.

StatusMeaning
In TrainingModel training is in progress for the application servers, business transaction, base page, or network request.
ReadyModel training is complete and the application servers, business transaction, base page, or network request is healthy.
WarningModel training is complete, but the application servers, business transaction, base page, or network request has experienced one or more Warning level anomalies during the training period.
CriticalModel training is complete, but the application servers, business transaction, base page, or network request has experienced one or more Critical level anomalies during the training period.
Not AvailableModel training is incomplete and the application servers, business transaction, base page, or network request is not visible to Anomaly Detection.
The models continue training as long as Anomaly Detection is enabled. For example, if traffic to a Business Transaction is interrupted for long enough duration preventing training that day, Anomaly Detection continues to function using the models from the previous seven days.
Note: No machine learning models are trained for Business Transactions that have very low calls per minute (CPM), because the sample size will be so small that the resulting model will be unreliable.

異常のモニタリング

アプリケーションサーバー、ビジネストランザクション、ベースページ、データベース、およびネットワークリクエストの異常を表示およびモニターするには、Alert & Respond > Anomaly Detection > Anomalies の順に選択します。

または、次のページから異常をモニターします。

ビジネストランザクションの監視。

ビジネストランザクションに関連する異常を表示するには、次の手順を実行します。
  1. Applications > Business Transactions で、目的の [Business Transaction] を選択します。
  2. [Health] 列の [Warning] または [Critical] アイコンをクリックします。
    そのビジネストランザクションの正常性ルール違反と異常のリストが表示されます。
  3. 異常のリストは複数の方法で表示できます。異常のモニタリングには、Splunk AppDynamics の操作方法が反映されます。次のいずれかのオプションを選択し、根本原因の自動分析の結果が含まれる詳細表示を開きます。
    • ツールチームのためにツールをセットアップして検証する場合は、Alert & Respond > Anomaly Detection > Anomalies で異常の詳細を表示します。
    • アプリケーション運用チームのためにアプリケーションをモニターする場合は、次の手順を実行します。
      • Applications > Events で、異常が含まれるように [Event Types] をフィルタ処理します。
      • Applications > Troubleshoot > Violations & Anomalies で、異常が含まれるように [Event Types] をフィルタ処理します。

ブラウザアプリケーションの異常のモニタリング

ブラウザアプリケーションに関連する異常を表示するには、次の手順を実行します。
  1. メインメニューから、User Experience > Browser Apps の順にクリックします。
  2. 目的のブラウザアプリケーションを選択し、[Details] をクリックします。
  3. 次の手順を実行します。
    1. [Violation & Anomalies] をクリックして、選択したブラウザアプリケーションに関連するすべての異常を表示します。
    2. [Events] をクリックして、すべての異常イベントを表示します。

異常のモニタリング

データベースに関連する異常を表示するには、次の手順を実行します。
  1. メインメニューから、[Databases] をクリックします。
  2. 次の手順を実行します。
    1. [Violation & Anomalies] をクリックして、選択したデータベースに関連するすべての異常を表示します。
    2. [Events] をクリックして、すべての異常イベントを表示します。

モバイルアプリケーションの異常のモニタリング

モバイルアプリケーションに関連する異常を表示するには、次の手順を実行します。
  1. メインメニューから、User Experience > Mobile Apps の順にクリックします。
  2. 目的のモバイルアプリケーションを選択し、[Details] をクリックします。
  3. 次の手順を実行します。
    1. [Health Rule Violations] をクリックして、選択したブラウザアプリケーションに関連するすべての異常を表示します。
    2. [Events] をクリックして、すべての異常イベントを表示します。

Configure Anomaly Detection

By default, Anomaly Detection alerts you about the anomalies found in all the business transactions, base pages, and network requests in your application. However, you can configure Anomaly Detection to surface only those anomalies within the combination of business transactions, base pages, or network requests, severity level, and detection sensitivity that you specify. Do this if you prefer to see fewer and more narrowly focused alerts:

  1. Click Configure Anomaly Detection to open the configuration dialog.
  2. Select the desired component from the dropdown:
    • Applications
    • User Experience: Browser Apps
    • User Experience: Mobile Apps
  3. Select one of the following on which you want Anomaly Detection:
    • For Business Transactions associated with the selected application:
      • All Business Transactions in the Application (this is the default selection)
      • Business Transactions within the specified Tiers
      • These specified Business Transactions
      • Business Transactions matching the following criteria:
        • Starts With
        • Ends With
        • Contains
        • Equals
        • Matches Regular Expression
        • Is in List
        • Is Not Empty
          Note: You can also select the NOT operator to reverse the criteria.
    • For servers associated with the selected application:
      • All Servers (this is the default selection)
      • Specific Servers
      • All Servers of a Specific Tier
    • For Base Pages associated with the selected application:
      • All Base Pages in the Application
      • These specified Base Pages
      • Base Pages matching the following criteria:
        • Starts With
        • Ends With
        • Contains
        • Equals
        • Matches Regular Expression
        • Is in List
        • Is Not Empty
          Note: You can also select the NOT operator to reverse the criteria.
    • For Network Requests associated with the selected application:
      • All Network Requests in the Application
      • These specified Network Requests
      • Network Requests of these specified mobile applications
      • Network Request matching the following criteria:
        • Starts With
        • Ends With
        • Contains
        • Equals
        • Matches Regular Expression
        • Is in List
        • Is Not Empty
          Note: You can also select the NOT operator to reverse the criteria.
  4. Select one of the following severity levels:
    • All Severities (includes both Warning and Critical)
    • Critical
    • Warning
  5. In Detection Sensitivity, select one of the following levels:
    Sensitivity LevelDescription
    HighUse this level for business-critical services to ensure that no issue gets undetected in your environment. It triggers more alerts but with lower statistical confidence.
    MediumUse this level for services that are important to your business but not critical. By default, this sensitivity level is selected.
    LowUse this level for services that have low business impact and to avoid too many alerts.
  6. If you want to test anomaly detection in a non-production environment, select Yes, turn on test mode.
    Note: The test mode allows you to assess anomaly detection capabilities in non-production environments. In this mode, the anomaly detection accurately detects any performance issues even if metric data collection is low. You can use the test mode in your development or staging environments.
  7. Click Save to complete the configuration.