The usual sequence in investigating an anomaly is as follows:
- You probably received an alert notification. Click Investigate in the notification. The Anomap and chart for the specific anomaly opens together with other metrics that are in the same anomalies group.
- Zoom in on the anomaly spike and the surrounding periods to see if any metrics might indicate the beginning of the problem. You can sort by Start time to view the group by the metrics that became anomalous first.
Note: To Zoom in place the cursor to one side of an anomaly spike and while holding the left mouse button down, drag the cursor to the other side of the spike
- In the expression box, create an investigative expression using the same method as for building the metric. See Metric Expression Workflows.
- Using a combination of the filters and property/value expressions, eliminate suspected metrics until the root cause is discovered.
- Go to the Anoboard and set the time filter to the time around the start time of the alert, and see if there are other anomalies groups that help isolate the cause of the anomaly in the alert you received.
To investigate an anomaly directly from the Anoboard:
- Select Anomalies from the Anodot task bar.
- Select an Anomalies dashboard.
- Click Investigate in the Anomalies chart that you want to investigate. A new tabbed page is created display the selected Anomaly, or group of Anomalies and their corresponding Anomaps.
When investigating an issue, you can open multiple anomalies and easily switch between them by clicking the tabs.
- In the chart, trace the anomaly with the cursor. The date and time of the anomaly, the severity color code, and the severity rating appear at every point along the anomaly chart spike.
- To copy the metric name to the clipboard, hover over the heading with the metric description, a Copy key is display. Click Copy, a message is displayed Copied to Clipboard.
- Continue investigating metrics until you can determine a root cause, or search other anomalies groups to detect a root cause.