Skip to content

Anomaly detection

Zenoss Cloud uses anomaly identification to determine whether any data points of key metrics are deviations from normal values. This feature makes it easier to investigate issues that are a few hours to a few months old, and is a supplement to traditional monitoring thresholds.

Key metrics are the most important metrics for assessing the health of an entity, as selected by Zenoss. Anomaly identification is only used on key metrics (list of key metrics) and anomaly visualizations (next image) are only seen in Smart View.

Isoforest (Isolation Forest)

Zenoss Cloud uses the isoforest (Isolation Forest) algorithm to identify anomalies. The algorithm searches for data points that are few in number and very different from other data points, and then creates a random tree of the paths required to separate a data point from the other data points in the sample. The data points with the shortest average path lengths in the resulting forest of trees are anomalous. The isoforest algorithm works very efficiently with large data sets and generates reliable results from small samples.

Zenoss Cloud performs an isoforest anomaly search every 4 hours.

Moving median absolute deviation

Zenoss Cloud calculates the median and the median absolute deviation (MAD) of a 30-minute window of data every 5 minutes. A data point is considered anomalous if its value is greater than 4.4 MADs from the median.

Key metrics

Key metrics are the most important metrics for assessing entity health, as selected by Zenoss. Anomaly identification algorithms only used on key metrics.

Device class Data source Metric
/

Command

blkio_bytes_total
cpuacct_usage
memory_usage
/


SNMP


cpu_cpu
ifInOctets_ifInOctets
ifOutOctets_ifOutOctets
mem_mem
/AWS/EC2

CloudWatch

CPUUtilization_CPUUtilization
NetworkIn_NetworkIn
NetworkOut_NetworkOut
/CiscoUCS



XML API



adaptorVnicStats_bytesRx
adaptorVnicStats_bytesTx
etherFcoeInterfaceStats_bytesRx
etherFcoeInterfaceStats_bytesTx
etherRxStats_totalBytesRx
etherTxStats_totalBytes
etherTxStats_totalBytesTx
fcStats_bytesRx
fcStats_bytesTx
swSystemStats_memAvailable
/CloudFoundry Command app_usageCPUAverage
app_utilDisk
app_utilMemory
appinstance_usageCPU
appinstance_utilDisk
appinstance_utilMemory
/CloudStack Command cloudstack_cpuUsedPercent
cloudstack_memoryUsedPercent
cloudstack_networkRead
cloudstack_networkWrite
/GoogleCloudPlatform Stackdriver cpuUtilization_cpuUtilization
/Network/Check Point SNMP memActiveReal_memActiveReal
memActiveVirtual_memActiveVirtual
/Network/Check Point/Gaia SNMP memActiveReal_memActiveReal
memActiveVirtual_memActiveVirtual
/Network/Cisco



SNMP



cpmCPULoadAvg15min_cpmCPULoadAvg15min
cpmCPUMemoryUsed_cpmCPUMemoryUsed
cpmCPUTotal5minRev_cpmCPUTotal5minRev
ifInErrors_ifInErrors
ifOutErrors_ifOutErrors
/Network/Cisco APIC APIC eqptEgrTotal_bytesRate
eqptIngrTotal_bytesRate
/Network/Cisco/6500 SNMP cpmCPUMemoryUsed_cpmCPUMemoryUsed
cpmCPUTotal5minRev_cpmCPUTotal5minRev
/Network/Cisco/ACE SNMP cpmCPUTotal5minRev_cpmCPUTotal5minRev
/Network/Cisco/ASA SNMP cpmCPUTotal5min_cpmCPUTotal5min
cpmCPUTotal5minRev_cpmCPUTotal5minRev
/Network/Cisco/ASR SNMP cpmCPUMemoryUsed_cpmCPUMemoryUsed
cpmCPUTotal5minRev_cpmCPUTotal5minRev
/Network/Cisco/ASR/9000 SNMP cpmCPUTotal5minRev_cpmCPUTotal5minRev
/Network/Cisco/CSR SNMP cpmCPUMemoryUsed_cpmCPUMemoryUsed
cpmCPUTotal5minRev_cpmCPUTotal5minRev
/Network/Cisco/FWSM SNMP cpmCPUTotal5minRev_cpmCPUTotal5minRev
/Network/Cisco/IDS Command device_cpuUsage
device_memoryUsage
/Network/Cisco/MDS SNMP cpmCPUMemoryUsed_cpmCPUMemoryUsed
cpmCPUTotal5minRev_cpmCPUTotal5minRev
/Network/Cisco/Nexus SNMP cpmCPUMemoryUsed_cpmCPUMemoryUsed
cpmCPUTotal5minRev_cpmCPUTotal5minRev
/Network/Cisco/Nexus/1000V SNMP cpmCPUMemoryUsed_cpmCPUMemoryUsed
cpmCPUTotal5minRev_cpmCPUTotal5minRev
/Network/Cisco/Nexus/1010 SNMP cpmCPUMemoryUsed_cpmCPUMemoryUsed
cpmCPUTotal5minRev_cpmCPUTotal5minRev
/Network/Cisco/Nexus/9000

NX-API

resources_cpu_state_kernel
resources_cpu_state_user
resources_memory_usage_used
/Network/Cisco/Nexus/VSG SNMP cpmCPUMemoryUsed_cpmCPUMemoryUsed
cpmCPUTotal5minRev_cpmCPUTotal5minRev
/Nutanix API stats_hypervisor_cpu_usage_pct
/OpenStack/Infrastructure Ceilometer cpuUtilization_cpuUtilization
/Server ApacheMonitor apache_cpuLoad
/Server



SNMP



memAvailReal_memAvailReal
memAvailSwap_memAvailSwap
ssCpuRawSystem_ssCpuRawSystem
ssCpuRawUser_ssCpuRawUser
ssCpuRawWait_ssCpuRawWait
/Server/Cmd






Command






cpu_ssCpuRawSystem
cpu_ssCpuRawUser
cpu_ssCpuRawWait
disk_usedBlocks
intf_ifInOctets
intf_ifOutOctets
mem_memAvailReal
mem_memAvailSwap
/Server/Darwin



SNMP



memAvailReal_memAvailReal
memAvailSwap_memAvailSwap
ssCpuRawWait_ssCpuRawWait
ssCpuSystem_ssCpuSystem
ssCpuUser_ssCpuUser
/Server/Linux



SNMP



memAvailReal_memAvailReal
memAvailSwap_memAvailSwap
ssCpuRawWait_ssCpuRawWait
ssCpuSystem_ssCpuSystem
ssCpuUser_ssCpuUser
/Server/Linux/Dell



SNMP



memAvailReal_memAvailReal
memAvailSwap_memAvailSwap
ssCpuRawWait_ssCpuRawWait
ssCpuSystem_ssCpuSystem
ssCpuUser_ssCpuUser
/Server/Microsoft

Perfmon

DiskReadTime_DiskReadTime
DiskWriteTime_DiskWriteTime
MemoryAvailableBytes_MemoryAvailableBytes
/Server/Solaris



SNMP



memAvailReal_memAvailReal
memAvailSwap_memAvailSwap
ssCpuRawWait_ssCpuRawWait
ssCpuSystem_ssCpuSystem
/Server/SSH/AIX Command cpu_ssCpuSystem
cpu_ssCpuUser
cpu_ssCpuWait
disk_usedBlocks
ethTraffic_Receive_Bytes
ethTraffic_Transmit_Bytes
intf_ifInErrors
intf_ifOutErrors
io_read
mem_percentMemUsed
/Server/SSH/Linux Command cpu_ssCpuStealPerCpu
cpu_ssCpuUsedPerCpu
disk_percentUsed
intf_ifInOctets
intf_ifOutOctets
mem_MemUsedPercent
mem_SwapFree
uptime_laLoadInt5
/Server/SSH/Solaris Command intf_ifInPackets
intf_ifOutPackets
/Server/Windows SNMP lDiskDiskReadBytesPerSec_lDiskDiskReadBytesPerSec
lDiskDiskWriteBytesPerSec_lDiskDiskWriteBytesPerSec
memoryAvailableKBytes_memoryAvailableKBytes
/Server/Windows/Dell SNMP cpuPercentProcessorTime_cpuPercentProcessorTime
/Storage/EMC EMC API Array_ReadIOs
Array_WriteIOs
DiskExtent_TotalIOs
FEPort_TotalIOs
StorageProcessorSystem_ReadIOs
StorageProcessorSystem_WriteIOs
StorageVolume_ReadIOs
StorageVolume_WriteIOs
/Storage/EMC/Isilon API cluster_cpu_sys_avg_value
cluster_cpu_user_avg_value
cluster_disk_bytes_in_rate_value
cluster_disk_bytes_out_rate_value
node_cpu_sys_avg_value
node_cpu_user_avg_value
node_disk_access_latency_avg_value
node_memory_used_value
/Storage/EMC/Isilon SNMP clusterCPUSystem_clusterCPUSystem
clusterCPUUser_clusterCPUUser
clusterIfsInBytes_clusterIfsInBytes
clusterIfsOutBytes_clusterIfsOutBytes
clusterNetworkInBytes_clusterNetworkInBytes
clusterNetworkOutBytes_clusterNetworkOutBytes
nodeCPUSystem_nodeCPUSystem
nodeCPUUser_nodeCPUUser
/Storage/EMC/XtremIO API stats_cpu
stats_cpu_usage
stats_iops
/Storage/EMC/XtremIO Snapshot stats_iops
/Storage/NetApp SNMP cpuBusy_cpuBusy
/Storage/NetApp/7-Mode SNMP cpuBusy_cpuBusy
/Storage/NetApp/7-Mode ZAPI lun_avg_read_latency
/Storage/NetApp/C-Mode ZAPI lun_avg_read_latency
/vSphere API cpuUsagemhz_cpuUsagemhz
memConsumed_memConsumed
memUsage_memUsage