Unomaly analyzes log data from software systems. All you need to do is configure the system to forward data to a Unomaly instance. Regardless of the format, Unomaly automatically tokenizes the structure of the data, learns the frequency and structural patterns, and builds models of the data. When problems happen on a system, new or different data is created. Unomaly detects these anomalies, presents them in the user interface, and lets you define actions and alerts to track known events.

Here you will find guides to help you get started using Unomaly and become a more advanced user. You will also find best practices for using and administering Unomaly.

The Unomaly user interface

When you log into Unomaly, you are taken to the main page:

Unomaly Situations

The main page shows you:

  • The systems where your data comes from.
  • The list of situations and anomalous events detected in your systems.
  • A filter bar to investigate situations with conditions or free-text search.

Systems and groups

All data that enters Unomaly is tied to an originating software system, which may be a server, container, or application. You can configure systems to send their data to Unomaly using log shippers, standard data protocols such as syslog, or one of our pre-built integrations to collect data from other technologies. Read more about “Getting data into Unomaly”.

Each system has a system profile in Unomaly. The system profile is a collection of the different types of events that the system generates under normal conditions. The events are organized by their frequency. Refer to the system profile for a better understanding of how each system behaves under normal conditions. Read more about “How Unomaly learns behavior”.

Systems can be organized into groups. Grouping systems gives you an overview of your data for related systems and lets you work across systems. Read more about how to “Organize systems into groups”.

Situations and anomalies

As Unomaly analyzes data, it detects anomalies by identifying the data that does not follow historic patterns for the system. Unomaly clusters anomalies that are related in time and system as a single situation. Each situation has a score to indicate the type of anomaly that is most significant in the situation. You can expand a situation to see all the anomalous events that are part of it. Read more about how to “Investigate situations”.

Here is an example of a situation on the system deploy-staging that happened 5 days ago. It contains one anomaly and has a score of 7. The event itself is an ERROR 500 caused by a bug when a user adds a new group with a name that is already taken.
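
The following added example is not Unomaly's code or algorithm. It illustrates the idea in this section on constructed log lines, under three assumptions: tokens containing digits are treated as variable, an event is anomalous when its structure has never been seen on that system, and anomalies on one system within 60 seconds of each other form one situation.

```python
import re
from collections import Counter, defaultdict

# Constructed sample events: (epoch seconds, system name, raw log line).
HISTORY = [
    (0, "deploy-staging", "GET /groups 200 in 12ms"),
    (5, "deploy-staging", "GET /groups 200 in 9ms"),
    (3, "db-1", "checkpoint complete: wrote 118 buffers"),
]
INCOMING = [
    (100, "deploy-staging", "GET /groups 200 in 11ms"),
    (101, "deploy-staging", "ERROR duplicate group name rejected"),
    (130, "deploy-staging", "ERROR rollback of transaction 8841"),
    (900, "deploy-staging", "WARN worker 3 restarted"),
    (905, "db-1", "checkpoint complete: wrote 64 buffers"),
    (910, "db-1", "FATAL could not write to file pg_wal"),
]

def template(line):
    """Reduce a line to its structure by masking every token that contains a digit."""
    return " ".join("<*>" if re.search(r"\d", tok) else tok for tok in line.split())

def learn(events):
    """Build a per-system profile: how often each template has been seen."""
    profile = defaultdict(Counter)
    for _, system, line in events:
        profile[system][template(line)] += 1
    return profile

def detect(profile, events):
    """Return the events whose template has never been seen on that system."""
    return [e for e in events if template(e[2]) not in profile.get(e[1], {})]

def situations(anomalies, window=60):
    """Group anomalies from one system that follow each other within `window` seconds."""
    groups = []
    for ts, system, line in sorted(anomalies, key=lambda a: (a[1], a[0])):
        last = groups[-1] if groups else None
        if last and last["system"] == system and ts - last["events"][-1][0] <= window:
            last["events"].append((ts, line))
        else:
            groups.append({"system": system, "events": [(ts, line)]})
    return groups

if __name__ == "__main__":
    for s in situations(detect(learn(HISTORY), INCOMING)):
        print(s["system"], len(s["events"]), "anomalous event(s)")
        for ts, line in s["events"]:
            print("   ", ts, line)
```

Because the masking rule hides every numeric token, a change in a status code alone (200 to 500) would not be flagged by this example; only a new line structure is.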


Comments and collaboration

As you review anomalies and alerts in the user interface, you can collaborate with colleagues to share discoveries or investigate and resolve issues faster. The simplest way to involve another member of your team is to add a comment to a situation. When you mention a colleague, they will be notified about the situation and comment. Read more about how to “Comment and share discoveries”.

Here is an example of the user goran asking johnny about an issue. Upon sending this, Johnny will get an email and a link to respond to the message.

Add a comment

Known events

For anomalies that you want to track specifically, you can create a known. Knowns use simple pattern-matching objects with your information to detect repeating issues. When you create a known, you add descriptions and tags to the event to explain what the event means and how to resolve it. Read more about “Add knowns to prioritize event scoring”.

Here is an example of a known that instructs the algorithm how to find this event again (parts to match) and to classify it as a warning. A tag with this information will be added to any future data matching this event.

Create new known

Actions and notifications

Actions let you define how Unomaly responds to triggers and conditions in systems and situations. When one of your systems goes offline or when the production environment produces significant anomalies, you want Unomaly to take action. This action can be to send an email to a specific user, to post to a team chat room, or to flag the event for you to review later. Read more about how to “Configure actions and notifications”.

You can add a custom action to post to external solutions, such as a team chat room. Unomaly provides integrations to common solutions (such as Slack, HipChat, and Microsoft Teams) which you can install and configure to use with actions. See Unomaly Plugins and Integrations.