VictoriaMetrics provides anomaly detection capabilities to help identify unusual patterns in time series metric data that do not conform to expected behavior. Anomaly detection is especially challenging for metric data due to effects like trends and seasonality that can cause different anomaly patterns over time. Machine learning approaches are better than threshold-based alerting for detecting complex anomaly patterns in metric time series data. VictoriaMetrics' anomaly detection integrates well with its observability tools and supports contextual and collective anomalies while being simple to set up and debug.

2. VictoriaMetrics
Anomaly Detection
Dima Lazerka, co-founder of VictoriaMetrics
Fred Navruzov, Product Manager & Data Scientist

3. What is anomaly detection?
Anomaly detection (AD hereinafter) refers to the task of identifying unusual
patterns that do not conform to expected behavior
Such “patterns” can introduce significant challenges and losses to your business,
if not properly and timely treated
Monitoring is a hard task, AD itself is a harder task, and AD for time series data -
metrics measured over time - is the hardest due to specific effects, like trends,
seasonality or even different anomaly patterns:

4. Why AD is even harder for metrics data?
Point-wise anomalies
● Single instance(s) of data that is too far off from the rest.
These occur when a data sample significantly differs from the distribution of the data.
● Example: A sudden high reading on a patient's vitals could indicate a medical emergency.

5. Why AD is even harder for metrics data?
Contextual anomalies
● Data points that deviate significantly under a specific context but not otherwise.
● Example: A high energy usage in the daytime might be normal but would be considered an anomaly at
night when everyone is asleep.

6. Why AD is even harder for metrics data?
Collective anomalies
● A set of data points that collectively deviate from the expected behavior, even if the individual data
points may not be anomalies.
● Example: A series of login attempts from the same IP address in a short period can be considered a
collective anomaly.

7. Why ML for anomaly detection?
● Challenges caused by time series nature of metrics, make simpler
approaches, like threshold-based alerting way less effective for
complex patterns (seasonality, collective anomalies, etc.)
● Manual handling of complex metrics doesn’t scale with the
growth of your data

8. Anomaly Detection @
VictoriaMetrics

9. Why VictoriaMetrics Anomaly Detection?
● Is simple to set up and to debug
● Integrates well with VictoriaMetrics observability ecosystem
Guide(+node_exporter +vmagent +vmalert)
● Contextual anomalies support (i.e. seasonality)
● Collective anomalies support (i.e. multiple metrics interaction)

10. ● Seamless integration with Node_Exporter
○ Know what metrics to measure, with which models and with what alerts
● GUI for easier setup and configuration
○ Convenient way to set up, tweak and evaluate
vmanomaly on your data
○ Easier backtesting of AD models to evaluate performance
Development plans

11. Development plans
● More docs!
○ Handbook on anomaly detection and root cause analysis
● Root Cause Analysis
○ Firing an alert about particular metric doesn’t guarantee we have found the exact cause and the
overall problem is solved
○ Estimate a causal network of “which caused” what in your metrics,
highlight anomalies and drill down your incidents to potential root causes
○ PoC with UI equipped is ready to be explored, please contact us and request a demo

12. Try it out
Being a part of VictoriaMetrics Enterprise, vmanomaly is still
available for testing purposes - please request a trial license here or
contact us to give it a try!

13. Thank you!
Have questions left?
Contact Us