Better Understand Your Complex Environments with Unomaly 3.4

Over the past several weeks, we’ve been working on Unomaly 3.4. In this series of releases, we’ve dedicated our efforts to creating tools that help you understand your complex environments, slice and dice your data, and find clues for where to look when things go wrong.

Compare Systems

Often you wonder, “why is this system behaving differently from another system even though they are supposed to do the same thing?” Similarly, wouldn’t it be wonderful to compare logs after you’ve done an upgrade before rolling your change out to every system?

The new compare systems feature allows you to visually compare the log event profiles between two systems to see what events are shared between them and which events are unique to each system.

This feature will give you a quick overview of what is different between two systems and help you find potential problems or unexpected changes. As always, we’d love to hear how you use the comparison capability and if there is anything we can improve!
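The comparison described above can be sketched outside the product. This is an added example, not Unomaly's code or algorithm: the masking rules, function names and sample log lines are assumptions constructed for illustration.

```python
import re

# Assumed masking rules for this sketch: tokens that look like parameters are
# replaced with placeholders, so events that differ only in values collapse
# into one event template.
_MASKS = [
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<ip>"),
    (re.compile(r"\b0x[0-9a-fA-F]+\b"), "<hex>"),
    (re.compile(r"\b\d+\b"), "<num>"),
]

def event_template(line):
    """Reduce one log line to its event template by masking parameters."""
    for pattern, placeholder in _MASKS:
        line = pattern.sub(placeholder, line)
    return " ".join(line.split())

def profile(lines):
    """Return the set of distinct event templates seen on one system."""
    return {event_template(line) for line in lines if line.strip()}

def compare_systems(lines_a, lines_b):
    """Split two systems' profiles into shared and unique event templates."""
    a, b = profile(lines_a), profile(lines_b)
    return {"shared": a & b, "only_a": a - b, "only_b": b - a}

# Constructed sample logs: WEB01 is the baseline host, WEB02 was upgraded.
WEB01 = [
    "sshd[2211]: Accepted publickey for deploy from 10.0.0.5 port 50122",
    "nginx: worker process 4410 started",
    "app: cache warmed in 182 ms",
]
WEB02 = [
    "sshd[987]: Accepted publickey for deploy from 10.0.0.9 port 41877",
    "nginx: worker process 5120 started",
    "app: config key tls_min_version missing, using default",
]

if __name__ == "__main__":
    for bucket, templates in compare_systems(WEB01, WEB02).items():
        print(bucket)
        for template in sorted(templates):
            print("   ", template)
```

Events that appear only on the upgraded host, or that disappeared from it, are the ones to review before rolling the change out further.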

Reducing noise / misclassified anomalies

Over the past weeks we’ve been working closely with one of our customers to reduce the number of anomalies and situations in their environment, because several log events were being classified as anomalous when they weren’t. The results of this work are now flowing into the product and becoming available for everyone.

The first change has been deployed for all new installations of Unomaly and we will be reaching out to you soon to enable this on existing installations.

The second change to reduce noise is available in this release as our new sensitivity setting. Sensitivity allows you to set the speed at which Unomaly merges log events with different parameters to learn the normal behavior of your systems. When you lower the sensitivity of Unomaly’s learning algorithm, Unomaly learns normal behavior faster and produces fewer parameter anomalies.

Recognizing similar log events faster will result in fewer misclassified anomalies overall; however, this will reduce the number of parameter anomalies that are detected.

Coming Soon: Multi-Transforms

In some cases, log events are complex and our algorithm could use some human assistance to make sense of them. Our algorithm tokenizes log events, and for some complex log events it just gets them wrong. With transforms you can help the algorithm decide what is a parameter and what is not. Our next release will add the ability to apply rules for merging multiple tokens per log event to reduce noise.

This gives you additional control over how Unomaly learns, as opposed to adjusting your sensitivity threshold, which is algorithmically determined. Overall, these merges can improve how Unomaly learns your systems and detects changes throughout your environment.

Over the past few releases, we’ve also added features that allow you to explore workflows in your data, an exclude option in the filter, and a change with system components and network settings.

View our release notes for a full list of all updates in Unomaly 3.4 and to upgrade.

Written by Tony Albanese
on June 19, 2019