Facts and Figures

This article lists the known defaults and known limitations we have today in Anodot service. Knowing these limitations will help you to identify issues and to know how to bypass them.

This article contains the following sections:

Data and Anomalies Retentions 
First Baseline Creation Time 
Seasonality Detection Time 
Time to Catch First Anomalies 
Time to Close an Anomaly 
Time to Resume Learning 
Other Defaults

DATA AND ANOMALIES RETENTION RATES

We distinguish between two types of retention rates:

  • Data retention - For how long Anodot will keep the raw data information.
  • Anomalies retention - For how long Anodot will keep the anomalies data information.

Both retention rates come with default settings. To use different rates,  contact Anodot’s CSM. Please note that some retention changes may require to move to our premium package.

The default data and anomalies retention by time scale are: 

Time Scale

Data Retention

Anomalies Retention

1 minute

7 days

3 days

5 minutes

30 days

7 days

1 hour

6 months

30 days

1 day

1 year

30 days

1 week

5 years

1 year

FIRST BASELINE CREATION TIME

The first baseline creation time is the minimum  time it takes for a new baseline to initialize for a new metric.

The default baseline creation times by time scale are:

Time Scale

Default Baseline Creation Time

1 minute

1 hour

5 minutes

5 hours

1 hour

40 hours

1 day

10 days

1 week

6 weeks

SEASONALITY DETECTION TIME

Seasonal patterns are detected with a minimum time of 4X the season length.

Daily seasonality requires at least 4 days in order for Anodot to calculate the daily seasonality of a metric.

Weekly seasonality requires at least 4 weeks in order for Anodot to calculate the weekly seasonality of a metric.

Remember that not all signal types have seasonality. Seasonality detection is supported only for regular or near regular signals.

TIME TO CATCH FIRST ANOMALIES

For new metrics, it will take some time until we will start to catch the first anomalies assuming the baseline was already created.

Anomalies in the first days of a new metric receive a lower significance score.

The default times to catch anomalies in a new metric by time scale are:

Time scale

Default time to catch first anomalies
(in a new metric)

1 minute

1-2 days

5 minutes

2 days

1 hour

4 days

1 day

14 days

1 week

8 weeks

TIME TO CLOSE AN ANOMALY

An anomaly will start on the first data point that is outside of the baseline sleeve.

For an anomaly to be closed, we will need to have several data points inside the baseline in order to close an anomaly.

Note - Alerts that are opened but data does not arrive for 4 days, will be closed on the fourth day

The default times to close anomalies by time scale are:

Time Scale

Number of Data Points Required Inside  the Baseline to Close an Anomaly

1 minute

3

5 minutes

3

1 hour

2

1 day

2

1 week

1

TIME TO RESUME LEARNING

Whenever Anodot detect an anomaly, the AI will stop the learning of the normal behavior.

The reason is that if we learn the anomaly’s behavior too soon it might impact the baseline too early and later on can generate false positive alerts.

When an anomaly happens, Anodot stops the learning;  the time taken to resume learning depends on the time scale.

The default learning resume-time by time scale are:

Time scale

Time to resume learning

1 minute

Resume learning after 2.5 hours since the anomaly started

5 minutes

Resume learning after 3 hours since the anomaly started

1 hour

Resume learning after 5 hours since the anomaly started

1 day

Resume learning after 72 hours since the anomaly started

1 week

Resume learning after 3 weeks since the anomaly started

OTHER DEFAULTS

Other system defaults are:

  • Metrics limit -  The number of live, unique metrics based on customer’s contract. Breaching this limit will cause Anodot to ignore data points till the breach will be fixed or the limit will be increased.
  • EPS limit - The number of data points. Calculated over a period of 1 minute.
    For example 6K EPS means the limit is 360,000 points in one minute. By default a customer has 2K EPS and it will be increased based on the number of unique metrics package.
    This is the same for the events API limit.
  • Samples in a single request - A single API request may contain up to 10,000 samples.
    Larger requests should be broken to multiple, smaller requests. Our suggestion is to send up to 1000 data points per request.
    If more than 1000 data points are needed (up to 10,000) then it needs to meet the EPS limit.
  • # of Concurrent Data Connections - the maximum between 100 and the # of metrics/1,000 (i.e. for 1M metrics, 1,000 connections).
  • Tags limit - Tags can be associated to up to 500K metrics in one API call.
  • Composite limits - Composite can compose by default up to 80K unique metrics. This number can be increased up to 100K unique metrics in a composite.
  • Number of metrics in a single alert - The number of unique metrics in a single alert setting (without composite) is 150K unique metrics.
  • Number of configured alerts - the total number of alerts may not exceed 1000 alerts.
  • Max correlated alerts in one Anomaly - 2000 metrics can be correlated in one Anomaly.

Was this article helpful?
0 out of 0 found this helpful