The anomaly detector examines the time-based data in the log records in the specified time interval according to the defined queries and filters, and detects anomalies that fall within the threshold value.

Actions can be added if an anomaly is detected.

In this content, anomaly due diligence will be performed in the last 1 hour in all API Proxies with the same project. Respectively; current query creation, filter creation, threshold setting, job scheduler creation and action determination events will be explained.

Generating General Description of Anomaly Detector

In the first step, the descriptive information of the job is entered. The most important area here is the environment information option. Query and filters are run on the log server in the selected environment information.

Creating a Query

Expected states are created by combining the query with certain fields (HTTP Method, Error Type, etc.) that will match the log records and criteria and/or/not types.

To create a new query, click the New Query button in the Query section.

The query created when the Save button is clicked is added to the job being defined.

Click to go to the Queries screen where all queries are managed and to get detailed information.

Creating a Filter

Filters are applied with queries. Contains the criteria that log records will match.

To create a new filter, click the New Filter button from the Filter section.

The filter created when the Save button is clicked is added to the job being defined.

Click to go to the Filters screen where all filters are managed and to get detailed information.

Determining the Threshold Value

The percentile value of the threshold value is calculated with the following formula by calculating the query and filter results.

Satisfying the condition defined here means that the faulty condition has occurred.

Threshold = (Total number of results of the query + Total number of results of the filter) / total number of results of the filter

Action Description

When the unrecognized condition of the threshold value is met, it is desired to be informed via the e-mail sending action.

The image below describes the action of sending an email with the result of the job regarding the time the error was received, the request address, and the error message.

Click to get information about the types of actions, the use of the action and the variables in the task.

Result of Action

When the job runs and the threshold value is exceeded, an email is sent to the recipients as in the image below.

Creating a Job Scheduler

The defined job can be run manually or triggered via the cron definition.

Since the job description in this content is set to run at 1-hour intervals, the following information is visible.

Examining the Details of the Job

If an error is received, it may be necessary to find the reason for it, or if it is desired to examine the general log records of the process and make filtering on them, the detail page of the monitor record should be visited.

Detailed information can be obtained by clicking the detail icon in the relevant log record.