Anomaly Detection

Machine learning-based alerting for unusual patterns.

How It Works

1. Baseline Learning

System learns normal behavior:

Response time patterns
Traffic volume
Error rates
Resource usage

Learning period: 7 days minimum

2. Anomaly Detection

Machine learning algorithms analyze metrics:

Detects outliers and unusual patterns
Seasonal pattern recognition
Trend analysis
Works on any metric type

3. Alert Generation

When anomaly detected:

Calculate severity (low/medium/high)
Check alert rules
Send notifications
Create incident

Configuration

Dashboard → Alerts → Anomaly Detection → Configure

Sensitivity

Low: Only major anomalies (95th percentile)
Medium: Moderate anomalies (90th percentile)
High: Any unusual pattern (80th percentile)

Time Window

How long pattern must persist:

5 minutes - Quick detection, more false positives
15 minutes - Balanced (recommended)
30 minutes - Fewer alerts, slower detection

Metrics Tracked

Enable anomaly detection for:

✅ Response time
✅ Error rate
✅ Traffic volume
✅ CPU usage
✅ Memory usage

Alert Examples

Traffic Spike

🔔 Anomaly Detected: Traffic Spike
Monitor: api.example.com
Current: 1,250 req/min
Expected: 450 req/min (±100)
Deviation: +178%
Severity: HIGH

Response Time Degradation

🔔 Anomaly Detected: Slow Response
Monitor: checkout.example.com
Current: 2,450ms avg
Expected: 680ms (±200ms)
Deviation: +260%
Severity: CRITICAL

Reducing False Positives

1. Extend Learning Period

More data = better baseline:

Default: 7 days
Recommended: 14-30 days for stable patterns

2. Adjust Sensitivity

Start conservative:

Week 1: Low sensitivity
Week 2: Review alerts, adjust to Medium
Week 3+: Fine-tune based on feedback

3. Mute Known Patterns

Scheduled maintenance, deployments:

Dashboard → Alerts → Mute Rules
Pattern: "deployment"
Schedule: Tuesdays 2-3 AM

Anomaly Dashboard

Dashboard → Alerts → Anomalies

View:

Recent anomalies
Severity distribution
False positive rate
Model accuracy metrics

API Access

curl -H "Authorization: Bearer $API_KEY" \
  https://statusradar.dev/api/alerts/anomalies?hours=24

Next Steps

Channels - Configure notifications
Thresholds - Static thresholds
Overview - Alert system basics

On this page

How It Works
1. Baseline Learning
2. Anomaly Detection
3. Alert Generation
Configuration
Sensitivity
Time Window
Metrics Tracked
Alert Examples
Traffic Spike
Response Time Degradation
Reducing False Positives
1. Extend Learning Period
2. Adjust Sensitivity
3. Mute Known Patterns
Anomaly Dashboard
API Access
Next Steps