Anomaly-Based Alerting in SolarWinds Observability Self-Hosted
Anomaly-Based Alerting uses the SolarWinds cloud-based AIOps service to identify unusual behavior in your environment. This feature is available to SolarWinds Observability Self-Hosted Advanced customers. By applying machine learning to your metric data, Anomaly-Based Alerting reduces alert noise that can occur when alerts rely solely on static thresholds, especially when small deviations are expected.
Anomaly-Based Alerting requires a SolarWinds Platform server with an active (non-evaluation) SolarWinds Observability Self-Hosted Advanced license connected to SolarWinds Observability SaaS through Platform Connect. After Platform Connect is configured, only an active SolarWinds Observability Self-Hosted Advanced license is needed to use Anomaly-Based Alerts. A separate SolarWinds Observability SaaS license is not required.
Initial setup for Anomaly-Based Alerts
To use Anomaly-Based Alerting, you first need to connect your SolarWinds Platform server with an active SolarWinds Observability Self-Hosted license to SolarWinds Observability SaaS with Platform Connect.
- If you've already enabled Platform Connect, you can go straight to creating an Anomaly-Based Alert.
- If not, you will be directed to the Platform Connect setup wizard the first time you navigate to Anomaly-Based Alerts in the SolarWinds Web Console.
Alternatively, you can enable Platform Connect manually. In SolarWinds Platform Web Console, click Settings > All Settings, and then click Add/Edit Platform Connector in the Platform Connect section. Follow the on-screen instructions to set up Platform Connect.
See Connect to SolarWinds Observability SaaS with Platform Connect.
Create an Anomaly-Based Alert
You can create Anomaly-Based Alerts through a wizard with a similar look and feel to the standard SolarWinds Observability Self-Hosted alerting. See Use alerts to monitor your environment.
- In the SolarWinds Platform Web Console, navigate to Alerts & Activity > Anomaly-Based Alerts. This option is visible only if you have an active SolarWinds Observability Self-Hosted Advanced license.
- Click Add New Alert. The wizard guides you through the process.
- Select the Entity Type and Entities you want to alert on.
- Specify the conditions that should trigger the alert.
  - Use AND when all conditions must be met.
  - Use OR when meeting any single condition should trigger the alert.
- Complete the wizard.
Anomaly-Based Alerting training period
After an Anomaly-Based Alert is created, the alert enters a training period to learn normal behavior for the selected metric. Training starts immediately and may take up to a few hours, depending on the metric.
By default, an Anomaly-Based Alert is not triggered until training is complete.
If you want the alert to trigger based on its defined conditions—even when training has not finished, or if the Anomaly Detection Service is unavailable—select Trigger alert if conditions are met but metrics are not trained or Anomaly Detection Service is down when creating the alert.
When this option is selected, alerts behave as normal SolarWinds Platform alerts. After the training completes, Anomaly-Based Alerts begin using anomaly detection as long as the service is available.
Supported entity types
When you create an Anomaly-Based Alert, you can select only the entity types and metrics that support anomaly detection. Anomaly-Based Alerts support network node metrics sent to the SolarWinds AIOps service in SolarWinds Observability SaaS through Platform Connect.
You can create Anomaly-Based Alerts for Linux and Windows servers available in the wizard. The supported metrics for Linux and Windows servers include CPU, memory, response time, and packet loss. Windows workstations are not supported.
Manage Anomaly-Based Alerts
You can manage Anomaly-Based Alerts using the standard SolarWinds Platform alerts interface.
- In the SolarWinds Platform Web Console, click Alerts & Activity > Alerts.
- Click Manage Alerts or Actions > Manage Alerts in the top-right corner of the page.
See Edit alerts.
View Anomaly-Based Alerts
To see triggered Anomaly-Based Alerts, click Alerts & Activity > Anomaly-Based Alerts. You can filter alerts by alert status or node status.
Anomaly-Based Alerts status view
Anomaly-Based Alerts detail view
Click the arrow at the end of the anomalous alert row to see additional information, such as normal operating ranges (NOR) for the time intervals and associated metric value. This information gives you greater context for why an alert is considered anomalous.
Data Security for Anomaly-Based Alerts
When Anomaly-Based Alerts are enabled through Platform Connect, the SolarWinds AIOps service uses only the metric data from your SolarWinds Observability Self-Hosted environment that Anomaly-Based Alerts require. The service uses up to seven days of metric data for anomaly detection.
All data is associated only with hashed organization ID and entity IDs and remains fully obfuscated.
No Personally Identifiable Information (PII) is ever stored.