2023 11 15

Tags: monitoring victoria-metrics prometheus

Reading time: less than 1 minute

Z-score anomaly detection

I wanted to find times where the available memory of the machines had significant changes. Instead of using a fixed threshold, I decided to use a dynamic approach that determines anomalies using the Z-score.

Here’s the VictoriaMetrics query using ClickHouse metrics, but it should work with any value you track.

with (
    q = (ClickHouseMetrics_MemoryTracking / ClickHouseAsyncMetrics_OSMemoryAvailable),
    qnow = avg_over_time(q[5h]),
    qavg = avg_over_time(q[14d]),
    qstd = stddev_over_time(q[14d]),
    qz = ((qnow - qavg) / qstd),
    absqz = abs(qz)
) absqz

You can filter on absqz > 3 to get significant differences compared to recent values.

Citation

If you find this work useful, please cite it as:

@article{yaltirakli,
  title   = "2023 11 15",
  author  = "Yaltirakli, Gokberk",
  journal = "gkbrk.com",
  year    = "2024",
  url     = "https://www.gkbrk.com/journal/2023-11-15"
}

Not using BibTeX? Click here for more citation styles.

IEEE Citation

Gokberk Yaltirakli, "2023 11 15", May, 2024. [Online]. Available: https://www.gkbrk.com/journal/2023-11-15. [Accessed May. 17, 2024].

APA Style

Yaltirakli, G. (2024, May 17). 2023 11 15. https://www.gkbrk.com/journal/2023-11-15

Bluebook Style

Gokberk Yaltirakli, 2023 11 15, GKBRK.COM (May. 17, 2024), https://www.gkbrk.com/journal/2023-11-15

Table of contents

2023 11 15

Z-score anomaly detection

Citation

Comments

Follow me around

Search

More links

Recent comments