Anomaly Detection
The AnomalyDetectionController provides ML-based anomaly detection for metrics, logs, and traces. It identifies unusual patterns that may indicate performance degradation, security incidents, or infrastructure issues.
Anomaly Detection Configuration
AnomalyDetectionConfig Structure
| Field | Type | Description |
|---|---|---|
| id | String | Configuration identifier |
| name | String | Detection rule name |
| metricQuery | String | PromQL query to monitor |
| algorithm | String | Detection algorithm (zscore, mad, isolation_forest) |
| sensitivity | double | Sensitivity threshold (0.0 to 1.0) |
| trainingWindow | String | Historical window for baseline (e.g., 7d, 30d) |
| evaluationInterval | String | How often to evaluate (e.g., 5m, 1h) |
| enabled | boolean | Whether detection is active |
Configure Detection
Endpoint: POST /api/v1/observability/anomalies/configs
```bash
curl -X POST http://localhost:8088/api/v1/observability/anomalies/configs \
  -H "Content-Type: application/json" \
  -H "Authorization: Bearer ${TOKEN}" \
  -H "X-Tenant-ID: 550e8400" \
  -d '{
    "name": "API Latency Anomaly",
    "metricQuery": "histogram_quantile(0.95, rate(http_request_duration_seconds_bucket[5m]))",
    "algorithm": "zscore",
    "sensitivity": 0.8,
    "trainingWindow": "14d",
    "evaluationInterval": "5m"
  }'
```
List Configurations
Endpoint: GET /api/v1/observability/anomalies/configs
Active Anomalies
Endpoint: GET /api/v1/observability/anomalies/active
Returns currently detected anomalies.
Anomaly Structure
| Field | Type | Description |
|---|---|---|
| id | String | Anomaly identifier |
| configName | String | Detection config that found this |
| metricName | String | Affected metric |
| severity | String | low, medium, high, critical |
| score | double | Anomaly score (higher is more anomalous) |
| expectedValue | double | What the model expected |
| actualValue | double | What was observed |
| detectedAt | Instant | When the anomaly was detected |
| status | String | active, acknowledged, resolved |
Anomaly Reports
Endpoint: GET /api/v1/observability/anomalies/report
AnomalyReport Structure
| Field | Type | Description |
|---|---|---|
| period | String | Report time period |
| totalAnomalies | int | Total anomalies detected |
| bySeverity | Map | Anomaly count by severity |
| byMetric | Map | Anomaly count by metric |
| topAnomalies | List | Most significant anomalies |
| trend | String | increasing, stable, decreasing |
Detection Algorithms
| Algorithm | Description | Best For |
|---|---|---|
| zscore | Standard deviation from mean | Normally distributed metrics |
| mad | Median Absolute Deviation | Metrics with outliers |
| isolation_forest | Ensemble-based isolation | Multi-dimensional anomalies |
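
The difference between `zscore` and `mad` in the table above matters most when the training window already contains spikes: they inflate the standard deviation and can hide a later anomaly. The following is an added example, not the product's own scoring code; the sample data is constructed, and the threshold of 3.0 and the modified z-score formula are assumptions, since the page does not define how `sensitivity` maps to a score.

```python
import statistics

# Constructed training window: p95 latency samples in seconds. Two spikes
# (2.50, 2.80) from an earlier incident are still inside the window.
BASELINE = [0.21, 0.19, 0.22, 0.20, 0.23, 0.18, 0.21, 0.20, 2.50, 0.22,
            0.19, 0.21, 0.20, 0.22, 2.80, 0.21, 0.20, 0.19, 0.23, 0.21]

# Assumed cut-off; the page does not define how `sensitivity` maps to a score.
THRESHOLD = 3.0


def zscore(baseline, value):
    """Distance from the mean in units of standard deviation."""
    mean = statistics.fmean(baseline)
    stdev = statistics.pstdev(baseline)
    if stdev == 0:
        return 0.0 if value == mean else float("inf")
    return abs(value - mean) / stdev


def mad_score(baseline, value):
    """Modified z-score: distance from the median in units of scaled MAD."""
    med = statistics.median(baseline)
    mad = statistics.median([abs(x - med) for x in baseline])
    if mad == 0:
        return 0.0 if value == med else float("inf")
    # 0.6745 makes the score comparable to a z-score for normal data.
    return 0.6745 * abs(value - med) / mad


def evaluate(value, baseline=BASELINE, threshold=THRESHOLD):
    """Return each score and whether it crosses the threshold."""
    z, m = zscore(baseline, value), mad_score(baseline, value)
    return {"zscore": z, "zscore_flag": z > threshold,
            "mad": m, "mad_flag": m > threshold}


if __name__ == "__main__":
    for observed in (0.22, 0.90):  # normal sample, then a 4x latency jump
        r = evaluate(observed)
        print(f"{observed:.2f}s  z={r['zscore']:.2f} flag={r['zscore_flag']}  "
              f"mad={r['mad']:.2f} flag={r['mad_flag']}")
```

With this baseline the 0.90 s sample stays under the threshold for the z-score but is flagged by the MAD score, while the normal 0.22 s sample is flagged by neither.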