Synthetic Testing Anomaly Detection¶
Used to monitor Synthetic Testing data within the workspace. You can set threshold ranges for the specified data volume generated by testing tasks within a certain period. Once the data volume reaches these thresholds, the system will trigger alerts. Additionally, you can customize alert levels so that when the specified data volume reaches different threshold ranges, corresponding levels of alert events will be triggered.
Use Cases¶
Supports monitoring data volume generated by HTTP, TCP, ICMP, WEBSOCKET, and multistep tests. For example, monitoring the unavailability of deployed URLs in production environments.
Configuration¶
Detection Frequency¶
The execution frequency of the detection rule.
Detection Interval¶
The time range for querying detection metrics. The available detection intervals vary depending on the detection frequency.
| Detection Frequency | Detection Interval (Dropdown Options) |
|---|---|
| 30s | 1m/5m/15m/30m/1h/3h |
| 1m | 1m/5m/15m/30m/1h/3h |
| 5m | 5m/15m/30m/1h/3h |
| 15m | 15m/30m/1h/3h/6h |
| 30m | 30m/1h/3h/6h |
| 1h | 1h/3h/6h/12h/24h |
| 6h | 6h/12h/24h |
| 12h | 12h/24h |
| 24h | 24h |
Detection Metrics: Set the metrics for detection data. Supports setting the data volume of specified data generated by all/single testing tasks in the current workspace as the detection metric.
| Field | Description |
|---|---|
| Test Type | Includes HTTP, TCP, ICMP, WEBSOCKET four types of tests. |
| Test Address | Supports monitoring all or single testing tasks in the current workspace's Synthetic Tests. |
| Metrics | Supports detection based on metric dimensions, including average response time, P50 response time, P75 response time, P90 response time, P99 response time, availability rate, error request count, request count, and availability rate. |
| Dimensions | Any string type (keyword) field in the configuration data can be selected as a detection dimension. Currently, up to three fields can be selected as detection dimensions. By combining multiple detection dimension fields, a specific detection object can be determined. Guance will determine whether the statistical metrics of a detection object meet the threshold of the trigger condition. If the condition is met, an event will be generated.For example: Selecting detection dimensions host and host_ip, the detection object can be {host: host1, host_ip: 127.0.0.1}. |
| Filters | Filters the detection metric data based on metric tags to limit the data range. One or more tag filters, fuzzy matches, and fuzzy non-matches can be added. |
You can perform query statistics on testing tasks based on four different test types through keyword search or tag filtering.
In addition to simple queries, expression queries are also supported.
Trigger Conditions¶
Set the trigger conditions for alert levels: You can configure any one of the trigger conditions for emergency, important, warning, or normal.
Configure trigger conditions and severity. When the query result has multiple values, an event will be generated if any value meets the trigger condition.
For more details, refer to Event Level Description.
Continuous Trigger Judgment¶
If continuous trigger judgment is enabled, you can configure the system to generate an event after the trigger condition is met multiple times in a row. The maximum limit is 10 times.
Bulk Alert Protection¶
Enabled by default.
When the number of alerts generated in a single detection exceeds the preset threshold, the system will automatically switch to a status summary strategy: Instead of processing each alert object individually, it will generate a small number of summary alerts based on the event status and push them.
This ensures the timeliness of notifications while significantly reducing alert noise and avoiding the risk of timeout due to processing too many alerts.
Note
When this switch is enabled, the event details generated by subsequent monitor detections will not display historical records and associated events.
Alert Levels¶
-
Emergency (Red), Important (Orange), Warning (Yellow): Based on the configured condition judgment operators.
-
Normal (Green): Based on the configured number of detections, explained as follows:
-
Each execution of a detection task counts as 1 detection. For example, if
detection frequency = 5 minutes, then 1 detection = 5 minutes. -
You can customize the number of detections. For example, if
detection frequency = 5 minutes, then 3 detections = 15 minutes.
Level Description Normal After the detection rule takes effect, if emergency, important, or warning abnormal events are generated, and the data detection result returns to normal within the configured number of detections, a recovery alert event will be generated.
❗️ Recovery alert events are not subject to alert silence restrictions. If the number of detections for recovery alert events is not set, the alert event will not recover and will remain in the Events > Unrecovered Events List. -
Data Gap¶
For data gap status, seven strategies can be configured.
-
Linked to the detection interval time range, judge the query result of the most recent minutes of the detection metric, do not trigger an event.
-
Linked to the detection interval time range, judge the query result of the most recent minutes of the detection metric, treat the query result as 0. At this point, the query result will be compared with the threshold configured in the trigger conditions above to determine whether to trigger an abnormal event.
-
Custom fill the detection interval value, trigger data gap event, trigger emergency event, trigger important event, trigger warning event, and trigger recovery event. For this type of configuration strategy, it is recommended to set the custom data gap time >= detection interval time interval. If the configured time <= detection interval time interval, there may be cases where both data gap and abnormal conditions are met. In this case, only the data gap processing result will be applied.
Information Generation¶
When this option is enabled, detection results that do not match the above trigger conditions will generate "information" events.
Note
When trigger conditions, data gap, and information generation are configured simultaneously, the triggering priority is judged as follows: data gap > trigger conditions > information event generation.
Other Configurations¶
For more details, refer to Rule Configuration.