Reliability

Anomaly Detection

EWMA baselines flag points that deviate >3σ from learned normal.

▸ How it works

`Analytics.BaselineWorker` updates `metric_baselines` every minute: a rolling EWMA of recent values plus an EWMA of the squared deviation gives an online estimate of (μ, σ). Anomaly alert rules fire when `|value − μ| > k·σ` with `k` configurable (default 3). The forecast rule kind uses Holt-Winters double-exponential smoothing to predict the next N minutes and fires if the predicted value will breach a threshold.

▸ What this lets you do

✓ Catch deviations without setting absolute thresholds — works for everything
✓ Forecasted breach alerts give you minutes of warning instead of seconds
✓ Predicted-band overlay on charts shows expected range visually
✓ Pure-Elixir implementation, no extra deps

▸ Get it running

1 Send metrics normally — baselines build automatically
2 Open `Alerts` → `+ New rule` → `kind = anomaly`
3 Set the metric and the k-σ threshold

▸ Code examples

Open `Alerts` → click `+ Rule`, then fill the form:

  Name        Latency anomaly on api
  Kind        Anomaly
  Metric      http.server.duration_ms
  Service     api
  Aggregate   p95
  k-sigma     3.0
  Window      300 s

Save — `BaselineWorker` already maintains (μ, σ) for every
(metric, service) pair, so the rule starts firing as soon
as the next evaluation lands (within ~60 s).

Where to find it

/app/p/:org/:project/alerts

Open in app →