The Anomaly Detection component of Skylar Analytics uses Skylar AI to identify unusual patterns that do not conform to expected behavior. Anomaly Detection provides always-on, unsupervised, machine-learning-based monitoring that automatically identifies unusual patterns in the real-time performance metrics and resource data that it observes.
You can view a list of all devices that have metrics being monitored for anomalies on the corresponding Device Investigator or Service Investigator pages.
To use anomaly detection on the SL1 Extended Architecture, you must enable the Collector Pipeline to collect data from Performance Dynamic Applications. For more information, see
Use the following menu options to navigate the SL1 user interface:
- To view a pop-out list of menu options, click the menu icon (
). - To view a page containing all of the menu options, click the Advanced menu icon (
).
What is Anomaly Detection?
Anomaly detection is a technique that uses machine learning to identify unusual patterns that do not conform to expected behavior. Anomaly detection provides always-on, unsupervised machine learning-based monitoring that automatically identifies unusual patterns in the real-time performance metrics and resource data that it observes.
Anomalies do not necessarily represent problems or events to be concerned about; rather, they represent unexpected behavior that might require further investigation.
Anomaly detection is calculated and displayed in the SL1 user interface for all Performance Dynamic Applications. This detection is enabled by default and cannot be disabled. You can control which device data gets sent to Skylar for analysis based on the organization aligned with the device or devices. All devices in the selected organization will get anomaly detection analysis.
For more information, see Enabling Skylar Analytics for One or More SL1 Organizations.
Viewing Graphs and Data for Anomaly Detection
After SL1 begins performing anomaly detection for a device, you can view graphs and data about each anomaly. Graphs for anomalies appear on the following pages in SL1:
-
The Anomaly Detection page, available from the Skylar AI (
) page. -
The tab in the Device Investigator.
-
The Anomalies widget in the Service Investigator for a business, IT, or device service.
You can view the anomaly detection graphs for the metrics by clicking 
)
The "Anomaly
The second graph displays the following data:
- A blue band representing the range of probable values that SL1 expected for the device metric.
- A green line representing the actual value for the device metric.
- A red dot indicating anomalies where the actual value appears outside of the expected value range.
You can hover over a value in one of the charts to see a pop-up box with the Expected Range and the metric value. The Anomaly Index value also displays in the pop-up box, with the severity in parentheses: Normal, Low, Medium, High, or Very High.
You can zoom in on a shorter time frame by clicking and dragging your mouse over the part of the chart representing that time frame, and you can return to the original time span by clicking the button.
Using Anomaly Detection to Trigger Events
You can use anomaly detection to trigger an event or to add extra criteria to an event policy. For example, you could specify that if an anomaly occurs five times within 10 minutes, SL1 should trigger an event. For more information, see Creating an Event Policy for Anomalies.
Because anomalies do not always correspond to problems, ScienceLogic recommends creating an event policy only for scenarios where anomalies appear to be correlated with some other behavior that you cannot otherwise track using an event or alert.
Using Anomaly Detection to Trigger Run Book Actions
You can also use events based on anomaly detection to trigger run book automation actions that perform further diagnostics or send notifications. For more information, see Using Anomaly-related Events to Trigger Automated Run Book Actions.