Defining Advanced Alert Conditions

When defining alert conditions (see Step 4 in How to create an alert) you can define a number of additional (optional) conditions that enable you to fine-tune your alert.

Important: An alert is triggered only when the conditioning metrics meet the additional specified conditions. For example, where more than one Influencing Metrics condition is defined in the alert, all the Influencing Metrics conditions must be met for the alert to trigger.

These additional conditions include the following:

• Auto-Tuned Settings (including minimum delta settings, when to override the delta duration period, and when to ignore low volume anomalies)
• Show incidents with events
• Number of Metrics in an Anomaly
• Metrics Values in an Anomaly
• Add Influencing Metrics

Defining Auto-Tuned Settings

The Auto-Tuned Settings section includes three main options that enable you to automatically tune your alert conditions.  

Setting a Minimum Delta Value

Set the Minimum Delta of the metric value as either an absolute value, percentage, or both; this sets a minimum delta of the metric value from the normal range.

Note: If the Automatic option switch is selected, Anodot sets a minimum delta of 10%. This calculation is based on the 90th percentile of the average values of the metrics in the alert. For a single metric, the minimum delta is 10% of its average value. The minimum delta is recalculated and updated periodically.

However, be aware of a monitoring phenomenon known as "Single Dip". In such a situation, there are data points (mostly because of a data streaming issue) below the delta defined. Note that for illustration purposes, we added the blue arrows below to demonstrate the delta.

As can be seen in the image above, a single data point exceeded the delta and therefore would generate an alert. If you would like to filter such alerts, use the Override Delta Duration option, as described below.   

Defining when to Override the Delta Duration

Select the Override Delta Duration checkbox to set the threshold above which an alert will be triggered. Note that the value for this is bound by the time duration and minimum duration you defined initially for the alert. For example, if you have set a minimum duration of 30 minutes, you can define an override period which is up to 30 minutes.  

Ignoring Low Volume Anomalies

The Low Volume Condition alert is designed to help reduce alert false positives. This condition will automatically ignore high/low values, according to the alert's metrics.  

IMPORTANT: An alert is triggered only when the alert's metrics meet the specified condition value (the condition is applied on metrics with the “counter” aggregation type). If the low volume condition is off, (i.e., Ignore Low Volume Anomalies is not selected), the condition will be disregarded.

1. Select the Ignore Low Volume Anomalies checkbox. Note that this will not trigger an alert if the value is in the past. 
   
   
2. Turn off the Automatic option switch.
   Note: If Automatic is selected, the low volume condition will automatically apply to each new alert created from counter metrics. The metric value is recalculated and updated periodically. You can also set a different value.
3. Set the metric value. The Low Volume Condition alert is not triggered if the metric value is lower/higher than the set value in the defined time interval (based on what you defined in the basic alert conditions). If the specified duration is more than “1”, the value is compared to the sum of the data points in the given period.

Show incidents with events

1. Click the Show incidents with events option switch.
   
   
2. Select the relevant events using their title, description, source, category or other properties. If you want to also use them as influencing events, select the Influencing Events checkbox. See also Influencing Events for further information.
   Note: You can also search for relevant events, as described in Viewing Events in Dashboards.

Defining the number of Metrics in an Anomaly

1. Click the Number of metrics in an anomaly option switch.
2. Define the Minimum number of metrics (the minimum number of metrics in an anomaly to trigger the alert) or Maximum number of metrics (the maximum number of metrics in an anomaly to trigger the alert), or both.
   
   Note: You can set the maximum or minimum either as absolute values or percentages, or both.

Defining Metrics Values

1. Click the Metrics values in an anomaly option switch.
2. Define the metric value that will trigger the alert if it drops Below or is Below & Equals to the entered value.
   

Adding Influencing Metrics

You can select relevant influencing metrics to which the conditions will be applied.

1. Click the Add button to display the Influencing Metrics dialog box.
   
   
   
   
2. Click Select a Measure to define a metric, the same way you would in any Metrics expression. 
   Note: There is no limit to the number of metrics you can add, but the 'what' of the metric must be a single 'what'; for example anomalies_simulation_hit_rate. 
3. Set a condition on the metric values. The condition can be one of the following:
   - Greater than a value you set
   - Greater than or equal to a value you set
   - Less than a value you set
   - Less than or equal to a value you set
   - In the range of a value you set
   - Not in the range of a value you set
4. Set the value or value range, depending on the condition you selected in Step 3.
5. Set the time properties by which the metrics will be aggregated [in the last Hour / Day / Week], and if to use the values Before or During the anomaly.
6. Select the Send alerts even if the influencing metric is missing checkbox to send alerts if the influencing metrics are not found.