2023 11 15


Tags: monitoring victoria-metrics prometheus
Reading time: less than 1 minute

Z-score anomaly detection

I wanted to find times where the available memory of the machines had significant changes. Instead of using a fixed threshold, I decided to use a dynamic approach that determines anomalies using the Z-score.

Here’s the VictoriaMetrics query using ClickHouse metrics, but it should work with any value you track.

with (
    q = (ClickHouseMetrics_MemoryTracking / ClickHouseAsyncMetrics_OSMemoryAvailable),
    qnow = avg_over_time(q[5h]),
    qavg = avg_over_time(q[14d]),
    qstd = stddev_over_time(q[14d]),
    qz = ((qnow - qavg) / qstd),
    absqz = abs(qz)
) absqz

You can filter on absqz > 3 to get significant differences compared to recent values.

Citation

If you find this work useful, please cite it as: 
@article{yaltirakli,
  title   = "2023 11 15",
  author  = "Yaltirakli, Gokberk",
  journal = "gkbrk.com",
  year    = "2024",
  url     = "https://www.gkbrk.com/journal/2023-11-15"
}
Not using BibTeX? Click here for more citation styles.
IEEE Citation
Gokberk Yaltirakli, "2023 11 15", November, 2024. [Online]. Available: https://www.gkbrk.com/journal/2023-11-15. [Accessed Nov. 12, 2024].
APA Style
Yaltirakli, G. (2024, November 12). 2023 11 15. https://www.gkbrk.com/journal/2023-11-15
Bluebook Style
Gokberk Yaltirakli, 2023 11 15, GKBRK.COM (Nov. 12, 2024), https://www.gkbrk.com/journal/2023-11-15

Comments

Search

More links

This page is valid HTML. Click to validate.

It's not actually valid? Send me an email.

© 2024 Gokberk Yaltirakli