Anomaly-Based Alerting in SolarWinds Observability Self-Hosted
Anomaly-Based Alerting, which leverages the SolarWinds cloud-based AIOps service, is available to SolarWinds Observability Self-Hosted Advanced customers. It improves on standard SolarWinds Observability Self-Hosted alerting by using machine learning to reduce the "alert noise" produced by alerts that are based solely on static thresholds, which can trigger on small deviations that are often expected.
Anomaly-Based Alerting requires a SolarWinds Platform server with an active SolarWinds Observability Self-Hosted Advanced license (non-evaluation) connected via Platform Connect to a SolarWinds Observability SaaS account. You can start a free trial of SolarWinds Observability SaaS to generate the token that SolarWinds Observability Self-Hosted requires to send metrics to the linked cloud tenant. After Platform Connect has been set up, only an active SolarWinds Observability Self-Hosted Advanced license is needed to use Anomaly-Based Alerts. An active SolarWinds Observability SaaS license is not required.
Initial setup for Anomaly-Based Alerts
To use Anomaly-Based Alerting, you first need to connect your SolarWinds Platform server with an active SolarWinds Observability Self-Hosted license to SolarWinds Observability SaaS with Platform Connect.
If you've already enabled Platform Connect, you can go straight to creating an Anomaly-Based Alert. If you have not already enabled Platform Connect, you will be directed to the Platform Connect setup wizard the first time you navigate to Anomaly-Based Alerts in the SolarWinds Web Console.
Alternatively, you can enable Platform Connect separately: navigate to Settings > All Settings, scroll down to the Platform Connect section, and select Add/Edit Platform Connector. Follow the on-screen instructions to set up Platform Connect.
Create an Anomaly-Based Alert
You can create Anomaly-Based Alerts through a wizard with a similar look and feel to the standard SolarWinds Observability Self-Hosted alerting.
In the SolarWinds Platform Web Console, navigate to Alerts & Activity > Anomaly-Based Alerts. This option is visible only if you have an active SolarWinds Observability Self-Hosted Advanced license.
The wizard guides you through the process. Select the Entity Type and Entities you want to alert on and the conditions that should trigger the alert.
When you create an alert with multiple conditions, use an AND operator if all conditions must be met. Use an OR operator to trigger the alert if any condition is met.
Anomaly-Based Alerting training period
Before an Anomaly-Based Alert can take advantage of its anomaly-detection capability, it has to spend some time training. Anomaly-Based Alerts begin this training period immediately after creation, and the amount of time the training takes depends on the metric selected. This can take up to a few hours.
By default, an Anomaly-Based Alert is not triggered until the training period has completed. If you would like the alert to be triggered based on the conditions you have configured, even if the training period has not completed, or if the Anomaly Detection Service is down or otherwise not available, you can check the “Trigger alert if conditions are met but metrics are not trained or Anomaly Detection Service is down” checkbox when you create the alert.
When this option is selected and an Anomaly-Based Alert is triggered during training or while the service is not available, the alert functions as a normal SolarWinds Platform alert that does not take advantage of anomaly detection functionality. After the training is complete, Anomaly-Based Alerts that were created with this option selected take full advantage of Anomaly Detection as long as the service is available.
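The effect of this checkbox on alert coverage can be modelled in a few lines. The following is an added example, not SolarWinds code: the `Sample` fields, the function names, the constructed timeline and the rule that a breach inside the normal operating range is suppressed are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Sample:
    value: float                        # metric value, e.g. CPU load in percent
    nor: Optional[Tuple[float, float]]  # normal operating range; None while training
    service_up: bool                    # anomaly detection service reachable?

def alert_fires(s: Sample, threshold: float, trigger_without_detection: bool) -> bool:
    """Decide whether one sample raises the alert (assumed model, not product code)."""
    if s.value <= threshold:
        return False                    # configured condition not met
    if not s.service_up or s.nor is None:
        # No anomaly verdict available: only the checkbox lets the alert fire,
        # and it then behaves like a normal threshold alert.
        return trigger_without_detection
    low, high = s.nor
    # Assumption: with a verdict available, a breach inside the NOR is suppressed.
    return not (low <= s.value <= high)

def evaluate(samples, threshold, trigger_without_detection):
    return [alert_fires(s, threshold, trigger_without_detection) for s in samples]

def silent_breaches(samples, threshold, trigger_without_detection):
    """Indexes of threshold breaches that raised nothing for lack of a verdict."""
    return [i for i, s in enumerate(samples)
            if s.value > threshold
            and (not s.service_up or s.nor is None)
            and not alert_fires(s, threshold, trigger_without_detection)]

# Constructed timeline for one node's CPU load, static threshold 90 %.
SAMPLES = [
    Sample(95.0, None, True),           # still training, breach
    Sample(40.0, None, True),           # still training, no breach
    Sample(92.0, (60.0, 96.0), True),   # trained, breach inside NOR
    Sample(99.0, (60.0, 96.0), True),   # trained, breach outside NOR
    Sample(97.0, (60.0, 96.0), False),  # service down, breach
]

if __name__ == "__main__":
    for option in (False, True):
        print("checkbox", option, evaluate(SAMPLES, 90.0, option),
              "silent:", silent_breaches(SAMPLES, 90.0, option))
```

With the checkbox cleared, the breaches during training and during the service outage raise nothing; with it selected, both fire as ordinary threshold alerts.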
What kind of entities does Anomaly-Based Alerting work with?
When you create an Anomaly-Based Alert, you can select only the entity types and metrics that support Anomaly detection. Anomaly-Based Alerts support network node metrics being sent to the SolarWinds AIOps service in SolarWinds Observability SaaS through Platform Connect.
Anomaly-Based Alerts can be defined for use with Linux and Windows servers, which appear in the server filter during the entity selection step of the Anomaly-Based Alert creation flow. The supported metrics for Linux and Windows servers are CPU, memory, response time, and packet loss. Windows workstations are not supported.
Manage Anomaly-Based Alerts
You can manage Anomaly-Based Alerts in the same way that you would manage other SolarWinds Platform alerts using the standard SolarWinds Platform alerts interface. In the SolarWinds Platform Web Console, navigate to Alerts & Activity > Alerts. Then click Manage alerts.
Learn more about modifying alerts in the SolarWinds Platform Web Console.
View Anomaly-Based Alerts
To see triggered Anomaly-Based Alerts, click Alerts & Activity > Anomaly-Based Alerts. Filter alerts by alert status or node status, and see all relevant Anomaly-Based Alerts that have been triggered.
Anomaly-Based Alerts status view
Anomaly-Based Alerts detail view
Click an anomalous alert on the timeline to see additional information on the right side of the screen, such as normal operating ranges (NOR) for the time intervals and associated metric value. This information gives you greater context for why an alert is considered anomalous.
Frequently asked data security questions for using Anomaly-Based Alerts
What is sent from Platform Connect for system and networking configurations when Anomaly-Based Alerts are used?
The following table shows what kind of information is or is not sent from the SolarWinds Platform to SolarWinds Observability SaaS through Platform Connect.
Information type | Sent from the SolarWinds Platform to SolarWinds Observability SaaS through Platform Connect? | Metric tags published to SolarWinds Observability SaaS* |
---|---|---|
IP addresses, hostnames | Yes | |
Client or customer data | Yes, if filled or explicitly defined | |
Network topology | No | N/A |
Security configurations | No | N/A |
Admin credentials | No | N/A |
*Learn more about standard network device metrics in SolarWinds Observability SaaS.
What data is stored in the Cloud when Anomaly-Based Alerts are used?
Anomaly detection uses only time series metrics data. The data is associated with organization IDs and entity IDs as appropriate for detecting anomalies, but it is not mapped in any specific or personally identifiable way.
How long is the data stored in the Cloud?
Any historical data used for Anomaly detection calculation is stored for a maximum of 21 days.
Is any Personally Identifiable Information (PII) stored?
No. Personally Identifiable Information is never stored.