Documentation for Hybrid Cloud Observability

Anomaly-Based Alerting in Hybrid Cloud Observability

With version 2022.4, for Hybrid Cloud Observability Advanced customers, we’re excited to announce the availability of Anomaly-Based Alerting, which leverages our cloud-based AIOps service. Anomaly-Based Alerting improves on standard Hybrid Cloud Observability alerting. It uses machine learning to reduce the "alert noise" produced by alerts that are based solely on static thresholds, which can trigger on small deviations even when those deviations are often expected.

Anomaly-Based Alerting requires a SolarWinds Platform server with an active Hybrid Cloud Observability Advanced license (non-evaluation) connected via Platform Connect to a SolarWinds Observability account. You can start a free trial of SolarWinds Observability to enable you to generate the token required by Hybrid Cloud Observability to send the metrics to the linked cloud tenant. After Platform Connect has been set up, only an active Hybrid Cloud Observability Advanced license is needed to use Anomaly-Based Alerts - an active SolarWinds Observability license is not required.

Initial setup for Anomaly-Based Alerts

To use Anomaly-Based Alerting, you first need to connect your SolarWinds Platform server with an active Hybrid Cloud Observability license to SolarWinds Observability with Platform Connect.

If you've already enabled Platform Connect, you can go straight to creating an Anomaly-Based Alert. If you have not already enabled Platform Connect, you will be directed to the Platform Connect setup wizard the first time you navigate to Anomaly-Based Alerts in the SolarWinds Web Console.

Alternatively, you can enable Platform Connect separately: navigate to Settings -> All Settings, scroll down to the Platform Connect section, and select Add/Edit Platform Connector. Follow the on-screen instructions to set up Platform Connect.

Learn more about connecting Hybrid Cloud Observability to SolarWinds Observability with Platform Connect

Create an Anomaly-Based Alert

You can create Anomaly-Based Alerts through a wizard with a similar look and feel to the standard Hybrid Cloud Observability alerting.

In the SolarWinds Platform Web Console, navigate to Alerts & Activity -> Anomaly-Based Alerts. This option will only be visible if you have an active Hybrid Cloud Observability Advanced license.

The wizard will guide you through the process. Select the Entity Type and Entities you want to alert on and the conditions under which the alert should trigger.

With 2024.1, Anomaly-Based Alerts can now be created using an OR operator to alert when any conditions are met. This is in addition to the existing AND operator, allowing more flexible alert conditions.

Anomaly-Based Alerting training period

Before an Anomaly-Based Alert can take advantage of its anomaly-detection capability, it has to spend some time training. Anomaly-Based Alerts begin this training period immediately after creation, and the amount of time the training takes depends on the metric selected. This can take up to a few hours.

By default, an Anomaly-Based Alert will not trigger until the training period has completed. If you would like the alert to trigger based on the conditions you have configured, even if the training period has not completed, or if the Anomaly Detection Service is down or otherwise not available, you can check the “Trigger alert if conditions are met but metrics are not trained or Anomaly Detection Service is down” checkbox when creating the alert.

Note that Anomaly-Based Alerts triggered with this box checked while the training period has not yet completed or if the service is not available will function as a normal SolarWinds Platform alert that does not take advantage of anomaly detection functionality. After training has completed, Anomaly-Based Alerts that were created with this box checked will take full advantage of Anomaly Detection as long as the service is available.

What kind of entities does Anomaly-Based Alerting work with?

When creating an Anomaly-Based Alert, we only show the supported entity types that work with Anomaly detection. Anomaly-Based Alerts can be used with certain supported metrics. In 2022.4, we support network node metrics being sent to the SolarWinds AIOps service in SolarWinds Observability via Platform Connect.

With 2023.2, Anomaly-Based Alerts can now be defined for use with Linux and Windows servers, which now appear in the server filter during the entity selection step of the Anomaly-Based Alert creation flow. The supported metrics for Linux and Windows servers are CPU, memory, response time, and packet loss. Windows workstations are not supported.

Managing Anomaly-Based Alerts

You can manage Anomaly-Based Alerts in the same way that you would manage other SolarWinds Platform alerts using the standard SolarWinds Platform alerts interface. In the SolarWinds Platform Web Console, navigate to Alerts & Activity -> Alerts. Then click Manage alerts.

Learn more about modifying alerts in the SolarWinds Platform Web Console

Viewing Anomaly-Based Alerts

To see triggered Anomaly-Based Alerts, click Alerts & Activity -> Anomaly-Based Alerts. Filter alerts by alert status or node status, and see all relevant Anomaly-Based Alerts that have triggered.

Anomaly-Based Alerts status view

Anomaly-Based Alerts detail view

With Hybrid Cloud Observability 2023.1 and later, click an anomalous alert on the timeline to see additional information on the right-hand side of the screen, such as normal operating ranges (NOR) for the time intervals and associated metric value to give you greater context for why an alert is considered anomalous.

Frequently asked data security questions for using Anomaly-Based Alerts

What is sent from Platform Connect for system and networking configurations when using Anomaly-Based Alerts?

The following table shows what kind of information is or is not sent from the SolarWinds Platform to SolarWinds Observability through Platform Connect.

Learn more about standard network device metrics in SolarWinds Observability

| Type of data | Sent from the SolarWinds Platform to SolarWinds Observability through Platform Connect? | Metric tags published to SolarWinds Observability |
|---|---|---|
| IP addresses, hostnames | Yes | sw.collector.Nodes.IPAddress, sw.collector.Nodes.DNS, sw.collector.Nodes.SysName, sw.collector.Nodes.Caption |
| Client and/or customer data | Yes, if filled or explicitly defined | sw.collector.Nodes.Contact, sw.collector.Nodes.Location, any explicitly defined custom property containing client or customer data |
| Network topology | No | N/A |
| Security configurations | No | N/A |
| Admin credentials | No | N/A |
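One way to review what a node inventory would publish under the tags in the table above before enabling Platform Connect. This is an added example, not SolarWinds code: the CSV export layout, the `CP_` prefix for custom-property columns, the `review_export` helper and the sample rows are all assumptions made for illustration.

```python
import csv
import io
import re

# Tag names copied from the table above; everything else here is assumed.
TAG_PREFIX = "sw.collector.Nodes."
ALWAYS_SENT = ("IPAddress", "DNS", "SysName", "Caption")
SENT_IF_FILLED = ("Contact", "Location")
CUSTOM_PREFIX = "CP_"  # hypothetical marker for custom-property columns

# Rough patterns for values that identify a person rather than a device.
PERSONAL = {
    "email": re.compile(r"[\w.+-]+@[\w-]+(\.[\w-]+)+"),
    "phone": re.compile(r"\+?\d[\d ()-]{7,}\d"),
}

def review_export(csv_text):
    """Return ({tag: populated-node count}, [(caption, tag, pattern name)])."""
    populated, flagged = {}, []
    for row in csv.DictReader(io.StringIO(csv_text)):
        for column, value in row.items():
            value = (value or "").strip()
            if not value:
                continue  # empty fields carry nothing to review
            if column in ALWAYS_SENT or column in SENT_IF_FILLED:
                name = TAG_PREFIX + column
            elif column.startswith(CUSTOM_PREFIX):
                name = column  # the page gives no tag name for these
            else:
                continue  # not listed on the page as sent
            populated[name] = populated.get(name, 0) + 1
            for kind, pattern in PERSONAL.items():
                if pattern.search(value):
                    flagged.append((row.get("Caption", ""), name, kind))
    return populated, flagged

# Constructed sample export (not real data).
SAMPLE = """Caption,IPAddress,DNS,SysName,Contact,Location,CP_Customer,Vendor
core-sw-01,10.0.0.1,core-sw-01.example.net,core-sw-01,noc@example.net,Rack 4,,Cisco
edge-rtr-02,10.0.0.2,,edge-rtr-02,,,Acme Corp / J. Doe +1 (555) 010-0199,Juniper
"""

if __name__ == "__main__":
    populated, flagged = review_export(SAMPLE)
    for name, count in sorted(populated.items()):
        print(f"{count:3d} node(s) populate {name}")
    for caption, name, kind in flagged:
        print(f"review: {caption} {name} looks like {kind}")
```

Flagged rows are candidates for cleaning up Contact, Location or custom-property values; the patterns are heuristics and will miss free-text names.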

What data is stored in the Cloud when using Anomaly-Based Alerting?

Anomaly detection only uses time series metrics data. The data is associated with organization IDs and entity IDs as appropriate for detecting anomalies but is not mapped in any specific or personally identifiable way.

How long is the data stored in the Cloud?

Any historical data used for Anomaly detection calculation is stored for a maximum of 21 days.

Is any Personally Identifiable Information (PII) stored?

No. Personally Identifiable Information is never stored.