Anomaly Detection

Oodle automatically identifies unusual patterns in your metrics and logs, helping you catch issues before they impact your users.

Overview

Anomaly detection helps you:

• Detect Issues Early: Automatically identify unusual patterns before they become critical problems
• Reduce Alert Noise: Focus on genuine anomalies by blocking repetitive or irrelevant patterns
• Compare Historical Patterns: Understand how current behavior differs from your historical baselines
• Prioritize Issues: Anomalies are ranked by severity to help you focus on what matters most

How It Works

Oodle continuously monitors your infrastructure and applications, automatically detecting:

• Metric Anomalies: Unusual behavior in your infrastructure and application metrics
• Log Anomalies: New or unusual patterns in your error logs

When anomalies are detected:

• They appear on the Anomalies page for you to review
• You can set up alerts to be notified immediately
• You can block repetitive or expected patterns to reduce noise

Types of Anomalies

Metric Anomalies

Oodle detects unusual patterns in your infrastructure and application metrics, including:

• CPU Throttle: Services experiencing CPU throttling
• High Node CPU: Nodes with unusually high CPU usage
• Service Communication Errors: Communication issues between services
• API Errors: High error rates in your APIs
• Container Restarts: Containers restarting unexpectedly
• High Memory: Services with excessive memory usage
• Pod Phase Issues: Pods in problematic states (e.g., CrashLoopBackOff)

Log Anomalies

Oodle identifies unusual patterns in your logs by detecting:

• New Patterns: Error messages that haven't appeared before
• Spikes: Sudden increases in existing error patterns
• High Volume: Recurring errors with unusually high occurrence rates

Each anomaly shows whether it's a new issue or a recurring problem, helping you prioritize your response.

Using the Anomalies Page

The Anomalies page (/anomalies) provides three main tabs:

Anomalies Tab

View all detected anomalies with comprehensive filtering and details:

• Filters: Filter by type (metrics/logs), subtype, cluster, namespace, or service
• Time Range: Select the time window to view anomalies
• Details: Click on any anomaly to see:
  • Trend charts showing the anomaly over time
  • Related logs (for log anomalies)
  • Metric queries (for metric anomalies)
  • Labels and metadata

Detectors Tab

Control which types of anomalies to detect:

• Toggle individual detector types on/off
• Changes save automatically
• Useful for temporarily disabling noisy or irrelevant detectors

Spam Tab

Manage blocked anomalies to reduce noise:

• Search: Search through blocked anomalies to find specific items
• View Blocked Items: See all anomalies you've blocked
• Unblock: Remove items from the blocklist to allow them to appear again

When you block an anomaly, it won't trigger alerts or appear in your anomaly feed, keeping your view focused on what matters.

Best Practices

1. Review Regularly: Check the Anomalies page regularly to catch emerging issues early
2. Block Noise: Use the blocking feature to suppress known non-issues or expected patterns
3. Create Targeted Alerts: Set up alerts for specific anomaly types that are most critical to your operations
4. Investigate Recurring Anomalies: Pay attention to recurring anomalies, as they may indicate persistent underlying issues
5. Use Filters: Filter by cluster, namespace, and service to focus on specific areas of your infrastructure