Advance functions

Anomaly Detection

Anomaly detection is a powerful monitoring feature that uses algorithmic analysis to automatically identify unexpected behavior in metric data. Traditional threshold-based alerting often fails to account for trends, seasonality, or complex fluctuations in metrics. Anomaly detection algorithms overcome this limitation by analyzing historical patterns to establish dynamic boundaries, making it possible to detect deviations from normal behavior even as the data changes over time. Kloudfuse provides 4 Anomaly detection algorithms.

Key Arguments

Rolling Window Size:

1. The rolling window size is used to calculate the standard deviation (std) for setting the band limits around expected values, which helps define the "normal" range.

   • A larger window size smooths the standard deviation calculation, reducing sensitivity to short-term fluctuations and providing a stable range for expected behavior. However, this may delay detection of rapid changes.

Bands :

1. Band 1 (Narrow): Sets a tight range around expected values, making the algorithm highly sensitive to even small deviations. This band is ideal for detecting subtle anomalies, which could be early indicators of a potential issue.

2. Band 2 (Moderate): Offers a balanced range, capturing moderate deviations without excessive sensitivity to minor fluctuations. This is suitable for general anomaly detection, where both significant and moderate changes are relevant.

3. Band 3 (Wide): Provides the widest range, capturing only large deviations from the expected values. This is useful for minimizing false positives, focusing only on major anomalies that could indicate significant issues.

Seasonality :

Selects a single primary seasonal pattern based on the expected periodicity of the data. For instance, Daily seasonality is ideal for data that follows a consistent daily pattern, while Weekly is useful for data that repeats weekly.

Basic (Rolling-Quantile)

• Key Arguments

  1. Rolling Window Size

  2. Bands

Open

Fig-1 Basic Anomaly

Agile(SARIMA)

Open

Fig-2. Agile with band = 1

Robust(Seasonal Decompose)

• The Robust Anomaly Detection algorithm uses seasonal decomposition to separate trend, seasonal, and residual components, making it effective for metrics with stable, well-defined seasonality and trend patterns. It’s ideal for metrics with predictable cycles, like weekly peaks in web traffic, where regular seasonal trends need to be accounted for in anomaly detection.

• Key Arguments

  1. Rolling Window Size

  2. Bands

AgileRobust(Prophet)

• The Agile Robust Anomaly Detection algorithm leverages the Prophet model to detect anomalies in metrics with complex seasonal patterns and trend shifts. Prophet is designed to handle multi-seasonality patterns with underlying trends and is particularly effective for metrics that show strong seasonal cycles alongside irregular level shifts. This makes it ideal for metrics that combine predictable patterns with occasional, unpredictable changes.

  • Key Arguments

    1. Seasonality

Outlier Detection

Kloudfuse platform provides ability to perform outlier detection on underlying data. Outliers monitoring is effective when looking out for deviation in behavior in comparison to other similar entities in the cluster. For example, CPU usage per pod for a service with 3 replicas should be similar across all 3 pods. If one pod uses more or less CPU then others then it is an outlier. Kloudfuse provides following algorithms for outlier detection:

• DBSCAN: (density-based spatial clustering of applications with noise) is a popular clustering algorithm.

Forecasting

Forecasting allows you to predict future values of a metric based on historical data trends, helping you anticipate changes and plan resources proactively. By analyzing past patterns, forecasting algorithms can model trends, seasonal behaviors, and cyclical patterns, creating forward-looking insights that support decision-making and preemptive action.

Forecasting is especially useful for metrics that follow consistent trends or seasonal cycles, such as user traffic, CPU utilization, or application performance metrics. For example, forecasting can help you predict daily traffic peaks on a website or anticipate CPU load during specific times of the week, allowing teams to allocate resources accordingly.

Kloudfuse offers two forecasting algorithms to help users anticipate metric behavior.

Linear regression

Linear forecasting in Kloudfuse is powered by PromQL’s linear regression capabilities, allowing straightforward prediction of future metric values based on a consistent linear trend. This approach is ideal for metrics that demonstrate steady growth or decline over time, without strong seasonal fluctuations. For example, linear forecasting can effectively model gradual increases in memory usage or a steady upward trend in active user counts.

Seasonal (Prophet)

Seasonal forecasting leverages the Prophet model to capture metrics with strong, regular seasonal patterns. Prophet is particularly effective for metrics that show predictable hourly, daily or weekly cycles, such as website traffic or workload variations that repeat over time. By modeling these recurring patterns, Prophet-based forecasting provides more accurate predictions for metrics with complex seasonal behaviors.

• Key Arguments

  1. Seasonality

Auto Alerting: Hawkeye

Kloudfuse Analytics provides auto alerting feature on various entities, out of the box. In most cases, these require simple configuration and the auto alerting internally uses the advance functions that the kloudfuse platform supports/provides to monitor your cluster.

Having the required data and the unification of streams is central to Kloudfuse platform being able to do the auto alerting. Hawkeye service is designed to monitor user controllable entities in their infrastructure for abnormal behavior depending on the entity in an intelligent fashion.

Anomalies: Services

Knight discovers peer to peer communication between services automatically. The communication is tracked for various protocols. The discovered services and their connection to other services (entities) is discovered (and shown in the service list UI). The service map is also discovered using the communication as edges. Each of the service list and service map records the RED metric for the service or the edge.

Using this data, HawkEye looks for anomalies in real-time fashion using state-of-the-art statistical learning algorithms or service level objectives as configured. If an anomalous behavior is detected then an alert is raise which is then evaluated by BullsEye.

This feature is not enabled by default. Contact us for more information. Follow these steps to enable.

Outliers: Resources *

Using Kubernetes data Kloudfuse automatically monitors resource consumption for outliers.

Forecasting: Persistent Volumes *

Using Kubernetes data Kloudfuse automatically monitors the forecasted behavior of persistent volumes to watch out for capacity exhaustion.

BullsEye: Auto Analysis

Bullseye service is designed for analyzing signals, correlating them with signals within the same stream or across the streams. This analysis helps reduce the effort required to debug issues and narrowing down problematic areas in minutes.

Configuring Bullseye to run analysis when an alert fires, or an ad-hoc basis is possible. Please follow these steps to enable.

Bullseye is also configured to be executed for all alerts/signals monitored by Hawkeye using auto alerting.