Splunk ITSI: Adaptive Thresholds and Anomaly Detection

Service monitoring is traditionally based on comparing measurable values, known as KPIs or Key Performance Indicators, against a set of threshold values. In theory, the operations team determines what the thresholds for warnings and alerts should be and sets them. In practice, the operations team often has no idea what these values should be. For example, the definition of “normal response time” usually varies based on the time of day. In the middle of the night, when the server load is minimal, response times should also be minimal. But as the workday starts and server loads increase, the thresholds should be somewhat more lenient. So the first improvement in Splunk ITSI is adding the ability to set time-dependent thresholds. This allows operations to more closely match the alerts to…

