.net.net 4.net 4.5.net apm.NET Application Performance.NET Applications.NET Best Practise.NET Core.NET Monitoring.NET PerformanceABAPACAADDMADO.NETagent lifecycleagent of transformationAgents of TransformationAgile & DevOpsAgile & DevOpsAgile DevelopmentAgile OperationsAgile OpsAIAI/MLAIOpsalert fatigueAmazon EC2Amazon EKSamazon web servicesanalyst reportAnalyticsandroidAndroid monitoringanomaly detectionanti-patternsAoTAPACapacheAPCApdexapiAPI MonitoringApicaAPMAPM Analyticsapm application performance monitoringAPM Best PracticeAPM Best PracticesAPM Business MetricsAPM IntegrationAPM Marketapm monitoring toolsapm solutionsAPM Thought LeadershipAPM VendorsAPMaaSapp attention indexApp Attention Index 2019App Attention Index 2023app dynamicsApp Manapp ownerappd summitappd summit europeappdynamicsappdynamics apmappdynamics certificationAppDynamics CustomersAppDynamics DevOpsAppDynamics EUMappdynamics flowmapAppDynamics for AzureAppDynamics for DatabasesAppDynamics for MobileAppDynamics Growthappdynamics liteAppDynamics Partnersappdynamics pricingAppDynamics ProAppDynamics REST APIAppDynamics SaaSAppDynamics SAP MonitoringAppDynamics SuccessAppDynamics Universityappdynamics xapplicationapplication developmentApplication DiagnosticsApplication ElasticityApplication IntelligenceApplication Intelligence PlatformApplication Mappingapplication monitoringapplication monitoring for PCFapplication observabilityApplication PerformanceApplication Performance ManagementApplication Performance MonitoringApplication Runbook AutomationApplication ScalabilityApplication SecurityApplication Supportapplication testingAppSecappsec prioritizationappsphereappsphere 2015appsphere 2016artificial intelligenceASMASP.NETASP.NET Monitoringatlassianauto-scalingautomationAvailability MonitoringawardsawsAWS Cloud Connectoraws ec2AWS Elastic Container ServiceAWS LambdaAWS re:InventazureAzure Cosmos DBAzure FunctionsAzure MonitoringBackend MonitoringbankingBehavioral Learningbest apm toolsbetaBig DataBig Data AnalyticsbizdevopsBlack FridayblockchainBrowser AgentBrowser Monitoringbrowser real user monitoringbrowser rumBrowser Synthetic MonitoringBTMbusinessBusiness Activity MonitoringBusiness ImpactBusiness Intelligencebusiness iqbusiness journeybusiness journeysBusiness Metricsbusiness outcomesbusiness risk observabilitybusiness risk scorebusiness risk scoringbusiness transactionbusiness transaction insightsBusiness Transaction ManagementBusiness Transaction Performancebusiness transaction securityBusiness TransactionsBusinessiQC++CACA WilyCareercase studyCassandraCDEMChatGPTCI/CDCICSCIOciscoCisco AppDynamicsCisco AppDynamics OpenAI MonitoringCisco Application Centric InfrastructureCisco Cloud ObservabilityCisco Full-Stack ObservabilityCisco Intersightcisco intersight workload optimizerCisco LiveCisco Live 2022Cisco Live 2023Cisco Live 2023 AmsterdamCisco Live 2023 MelbourneCisco Live EMEACisco Observability PlatformCisco Secure ApplicationCisco ThousandEyesclient side performanceCloudcloud architecturecloud automationCloud BurstingCloud Deploymentcloud foundrycloud foundry foundationCloud MigrationCloud MonitoringCloud NativeCloud Native Computing Foundationcloud native observabilitycloud native securitycloud observabilitycloud orchestrationcloud planningcloud pricingCloud Scalingcloud securitycloudwatchcluster monitoringCMDBCNCFcodingCognition Enginecognitive operationscollaborationCompuwareCompuware Vantageconcurrent collectionsconferencecontainerscontinuous integrationcovid-19CPU Burncrash courseculturecustom dashboardscustomer DEMcustomer experienceCustomer LoyaltyCustomer SuccessCyber MondayDashboarddashboardsData Clouddata privacydata securitydatabasedatabase monitoringdatabase performanceDatabase Performance Monitoringdb2Deep DiagnosticsDEMDeploying APMdeveloperdevelopersDevelopmentdevelopment lifecycleDevOpsDevOps AppDynamicsDevOps Best PracticesDevOps Culturedevops lifecycledevopsdaysDevSecOpsdigital experienceDigital experience monitoringdigital transformationdigital trustDisaster RecoverydiscoverydockerDockerfiledowntimedowntime costdynamic baselinesDynatracee-commerceEase-of-UseecommerceeCommerce MonitoringECSedge computingeducationEKSelasticsearchEnd User ExperienceEnd User Experience MonitoringEnd User MonitoringEnterpriseEnterprise APMEnterprise deploymenterrorsETLEUEUEMEUMEuropean UnionEvaluating APMEventeventsexperience economyextensionsfasterfederal customersFedRAMPfinancefinancial servicesflame graphsFlutter Agentfog of developmentforresterForrester APMfull application stackfull-stack observabilityGartnerGartner APMGartner APM Magic QuadrantGartner Magic QuadrantGartner MQGDPRGeneral Data Protection Regulationghostglassdoorgogo langGomezGoogle Cloud FunctionsGovAPMgovernmentGrafanagrafana pluginguided tourHadoophealthcareHealthCare.govhhvmHigh AvailabilityHIPPAhistory of programminghybrid cloudhybrid cloud observabilityhybrid workIaaSIBMIBM DataPowerIBM Think 2019idcIISIIS Monitoringindustry insightsinfographicinfrastructureinfrastructure monitoringinfrastructure optimizationinfrastructure pricinginfrastructure visibilityInsuranceintegrationIntegration Partner Programinternet of thingsInternshipInvestment BankingiosiOS monitoringIOTiPhone CrashIRAPIstioITIT operationsITILITSMJavajava 9java apmJava CPUJava Memory LeakJava Monitoringjava programming languagejavascriptJConsoleJMXJVMJVM MonitoringK8sKNativeKPIKubeCon + CloudNative ConkubernetesKubernetes MonitoringLas VegaslegacyLoad RunnerLoad Testinglog analysislog analyticsLog Fileslog4jlogginglogsmachine learningmainframeManaged Service ProvidersmanagementmappingmariadbMaturitymemory leaksMesosmetric datametricsmicoservicesmicroservice patternsmicroservicesmicroservices iqMicrosoftmicrosoft azuremigrationMLmobileMobile APMmobile app metricsMobile Application MonitoringMobile Application Performancemobile applicationsMobile Best Practicesmobile eumMobile Monitoringmobile real-user monitoringMobile RUMMongoDBMonitoringMonitoring AgentsMRUMMSPMTTRMulti Cloudmulti tenancy cloudmulticloudmultitenancyMVC 4mysqlNetflixNetwork MonitoringNetwork Performance Managementnetwork visibilityNew RelicnewsnginxNodenode.jsnode.js apmnode.js monitoringnodetimeNoSQLNPMobamacareObamacare websiteobservabilityomni-channelon-premon-prem vs cloudon-premisesonline shoppingOPCacheopcodeOpenAIOpenAI APIopenshiftopenshift by red hatopenshift by redhatOpenTelemetryoperational analyticsOperationsoperatorsOpNetopsOpTierOraclePaaSpartnerpartner programpartnersPCFpercentilesPerformancePerformance Bottleneckperformance engineeringPerformance Managementperformance metricsPerformance Monitoringperformance testingphpphp 7php apmPHP Best Practicesphp performancephp securityphp upgradePivotalPivotal Cloud Foundryplatform monitoring for PCFpodcastprivate equityproductionProduction Monitoringprofilingprogramming languageprogramming languagesPublic Cloudpublic sectorpythonqaQuest FoglightRBARCAReal User Monitoringreal-time business metricsreal-time business monitoringred hatred hat openshiftresearch reportresponse timeretailriskRoot Cause AnalysisRSARtBMRUMrunbookSaaSSaas APMsaas application performance monitoringsan franciscoSAPSAP monitoringSAP NetWeaverSAP obSAP S/4HANAScalabilitysdkSecure Applicationsecuritysecurity resilienceserverserverlessservice assuranceService Broker Tileservice endpointsservice level agreementServiceNowshardingsingle page applicationsite reliability engineeringSLAslow SQLSmart AgentSmart Agent for Cisco AppDynamicssmart speakersSOASOA monitoringSoftware DevelopmentSpectro Cloud PaletteSplunkspring releaseSpring4ShellSQLSREsupply chainSynthetic Monitoringtaggingtagstechnical debttelemetryTest In ProductionThe Age of Application Observabilitythousandeyestransaction analyticsTransaction ProfilingTroubleshooting ApplicationstuningTypeScriptUCCEUCCE monitoringunified monitoringunified observability experienceUser Experienceuser session trackingVirtual War RoomVisualVMWar RoomwearableswebinarWebPerfWily IntroscopeWindows AzureWindows Azure StoreWNISwomenwomen in techwomen in technologywordpressyarnz/os
AIOps
Product

Anomaly detection and root cause analysis with AppDynamics cognition engine

by
June 26 2019
 

By unifying AIOps and application intelligence, AppDynamics Cognition Engine empowers enterprises to gain critical insights from trillions of metrics. Let's see it in action.

When we talk about AppDynamics’ powerful Cognition Engine, we’re talking about the automatic detection of anomalies in business transactions. Cognition Engine enables you to pinpoint deviating application performance, isolate resource problems, and respond with automated actions. By leveraging a variety of specialized machine learning (ML) models, AppDynamics can detect anomalies in real time and at scale. This enables us to detect problems minutes—or even hours—before a system that relies on traditional thresholding.

Anomaly Detection and Root Cause Analysis: A Step-By-Step Guide

Let’s take a close look at anomaly detection and root cause analysis enabled by the AppDynamics Cognition Engine. In this blog, we’ll learn how to:

  • Quickly detect an issue within an application
  • Drill down to determine the issue’s root cause
  • Enable anomaly detection and root cause analysis

Below is a sample application, ERetail-Pass, which we’ll use for this demo. If you’re unfamiliar with AppDynamics, the diagram in the center of the screen is the Application Flow Map, which is created automatically when you install an AppDynamics agent.

Application-Flow-Map

The AppDynamics agent automatically discovers the various components and how they communicate with each other. Our demo app has a number of different Java services, as well as automatically discovered queues and Redis caches. The Application Flow Map shows a number of KPIs, including load, response time and errors. 

The screen below shows a performance issue that has just occurred. The response time, which dramatically increased around 10:30 a.m., has coincided with a drop in load.

Load-and-Errors-AppD-Flow-Map

At this point, some KPIs show we have a problem—but we’re not sure why. The right side of the screen shows that a number of health rule violations have been triggered:  

Events-AppD-Flow-Map

We also see something new—an anomaly event. Let’s take a closer look at this by clicking Anomalies Started.

Anomaly-screen-AppD

Above we see that AppDynamics has detected a major anomaly, which has started in the “Critical” state on a Business Transaction checkout. From here we can drill deeper and view more details on this particular anomaly, and why it occurred.

Below is our new Anomaly Detection and Root Cause Analysis screen. In the upper left corner, we see the anomaly is now resolved. The timeline shows the anomaly started at around 10:39 a.m., transitioned to a warning at 11:09 a.m. and was resolved at 11:13 a.m. Since the timeline is interactive, you can click on different states—for example, the critical state in red, or transitional state in yellow—for more details. Since the anomaly started as critical, let’s explore that segment of the timeline. 

 

Anomaly-detection-and-RCA-screen

 

The left side of the screen (above, under /r/Checkout) shows high-level information on why the anomaly occurred. We see it occurred on a checkout transaction and that the following two metrics were deviating: 95th Percentile Response Time, and Average Response Time. 

Further down the left side, we’ve identified the top two suspected causes for why the 95th Percentile and Average Response Time are deviating. (In a moment, we’ll drill into these to show how we determine root cause.)

Top-Suspected-Causes-image

 

In AppDynamics, actions can be associated with a policy. Here we see two actions taken— HTTP notifications to a Slack channel to alert people of an issue with this particular business transaction. 

Slack-Notifications-image

AppDynamics has a variety of other actions that you can execute, such as email, SMS messages, or integrations with third parties such as ServiceNow. We also provide Transaction Snapshots for each business transaction. If, for instance, you’d like to dive deeper into the root cause of a particular issue, you can drill down into individual Transaction Snapshots.

Transaction-Snapshots-image

Now let’s take a look at the suspected causes. The Application Flow Map shows a couple of items in red:

Flow-Map-suspected-cause-image

By hovering over the red item on the right, we see its root cause is related to the payment service tier. 

Payment-Service-Tier-root-cause-image

On the left side of the screen under Top Suspected Causes, we see there’s an issue with process CPU usage. This could mean the payment service has a CPU problem, which is affecting the business transaction.

Process-CPU-Usage-issue-image

The next identified suspected cause is the order service, which makes calls to the payment service. It has been impacted as well. 

Order-Service-issue-image

Since we’ve identified the payment service issue as the top root cause, let’s explore it further to see what we can uncover.

95th-percentile-and-average-response-time-image

The Top Deviating Metrics timeline shows the metrics associated with this business transaction. Above, we see the 95th percentile and average response time. The gray bar shows the expected range for this particular metric. We see the 95th percentile and average response time are both very elevated. Both are much higher than the gray bar, which is supposed to be 500 to 700 milliseconds (ms), but in fact is around 1600ms. 

Around 11:05 a.m., both metrics return to the normal range. That’s where the anomaly ends. Bottom line: It’s clear we have a problem with both metrics, which are especially elevated.

Suspected-Cause-Metrics-image

We then scroll down to Suspected Cause Metrics. Here we see two metrics, Process CPU Used and Process CPU Burnt on a particular node. It’s clear these metrics correspond and correlate very closely with the business transaction metrics. We now know that a process issue with CPU usage is causing this particular tier to slow down, which in turn is causing the overall business transaction to slow.

Recap

By drilling into this business transaction, we were able to detect an issue with the 95th percentile response time and the average response time. We then drilled into the top suspected cause and saw that the payment service had a CPU issue. Specifically, CPU usage was at a very high level; this was impacting the payment service, which the order service relies on. This in turn was slowing the business transaction.

How to Enable Anomaly Detection in AppDynamics

Now that we’ve identified an application issue and its root cause, let’s take a quick look at how to enable AppDynamics’ anomaly detection and root cause analysis. 

Anomaly-Detection-image

Enabling anomaly detection and root cause analysis is very straightforward. In the Alert & Respond screen (above), you’ll notice a new section called Anomaly Detection. When we click into Anomaly Detection, we see a toggle that can be turned on or off. This toggle enables Anomaly Detection for every business transaction in your application.

Anomaly-Detect-on-off-image

It’s that easy! No other configuration is required. Keep in mind that Anomaly Detection has to be enabled, which you can do on a per-application basis. Once enabled, we’ll need 24-48 hours to build your machine learning models, after which we’ll continually monitor and alert you when we find issues with your business transactions.

Anomaly events are very similar to health rule violations in AppDynamics, and you’ll see them appear in the Event tabs. You can associate anomaly events with policies and also create actionings, which we saw above in the Slack integration example.

We hope this step-by-step walkthrough gives you a clear view of the powerful capabilities of anomaly detection and root cause analysis in AppDynamics.

Rob Bolton
Rob is a Product Manager at AppDynamics, working with hundreds of customers over the last five years who use AppDynamics to gain visibility into their applications. Prior to AppDynamics, Rob worked in various roles at different technology companies like Akamai Technologies and Microsoft.

Related Posts

Thank you! Your submission has been received!

Oops! Something went wrong while submitting the form

By clicking subscribe, I have read and understood the Privacy Policy and Terms of Use.
Platform
Solutions
Learn

Company
Support