Create anomaly alerts

This page applies to Apigee and Apigee hybrid.

View Apigee Edge documentation.

Apigee enables you to create alerts that are triggered by specific API traffic patterns— for example, when an API's error rate reaches a predetermined threshold. AAPI Ops extends this capability with anomaly alerts, which are triggered whenever Apigee detects unusual API traffic data. The advantage of anomaly alerts is that you don't have to define the exact conditions for each anomaly yourself. AAPI Ops determines the right anomaly conditions using statistical methods, and constantly updates them based on recent traffic data. Using anomaly detection, you let Apigee detect traffic and performance issues, rather than predetermining the alert conditions yourself.

When AAPI-Ops detects an anomaly, it displays the event in the Anomaly Events dashboard. However, it doesn't automatically raise an alert for the anomaly. If you examine an anomaly in the dashboard and decide you want to be alerted about similar event in future, you can create an anomaly alert and set up a notification, which sends you a message whenever the anomaly is detected.

Check required permissions

Before creating an anomaly alert, make sure you have been assigned the required roles for AAPI Ops.

Create an anomaly alert

To create an anomaly alert in the Alerting policy dashboard, do the following:

  1. Open the Create alerting policy > Add alert condition page.

    Go to Add alert condition

    Configure an alert.
  2. Click Select a metric.
  3. In the Filter, type anomaly.
  4. If there are no results, click Active to display all metric types.
  5. Click Apigee environment.
  6. Click Environment.
  7. Click Apigee anomaly event count.
  8. Click Apply.
  9. In the Rolling window menu, select the time period.
  10. In the Rolling window function menu, select delta. This specifies how the data is aggregated over each time period, which you set in the Rolling window field. With the delta setting, the aggregated value equals the final data value in the time period minus the initial data value.
  11. Click Next.

  12. On the Configure alert trigger page, set the Threshold value to 0.5. (Any number between 0 and 1 will work for the threshold.) With this value, a single anomaly exceeds the threshold and triggers the alert.

  13. At this point, you can choose to either:

  14. If you don't want to create a notification at this time:
    • Click Next.
    • Change the Use notification channel toggle to Off.
  15. Enter an Alert policy name.
  16. Click Create policy to save the alert.

Create a notification for an alert

If you want to be notified immediately when an incident occurs, you can create a notification for the alert. When the alert is triggered, Apigee sends you a notification. You can choose any of the following channels to receive the notification:

  • Cloud Mobile App
  • Email
  • Google Chat (Preview)
  • PagerDuty
  • Pub/Sub
  • Slack
  • SMS
  • Webhooks

To create a notification for an alert:

  1. If you just created the alert (as shown in the preceding example) and are currently viewing the Create alerting policy dashboard, skip to the next step.

    Otherwise:

    • Open the Policies page.

      Go to Policies

    • In the row for the alert you created, click View actions > Edit.
  2. Ensure the Use notification channel toggle is on.
  3. Select the notification channels you want to receive notifications. If you want to create a new notification channel, select Manage notification channels. See Create and manage notification channels for more details.
  4. Most of the options on this page are optional. See Create alerting policy for more details.
  5. In the Name the alert policy section, enter an Alert policy name.
  6. If you are creating a new alert policy, click Create policy. If you are editing an existing alert policy, click Save policy.

When an alert is triggered, you will receive a notification providing a summary of the incident and when it occurred. The notification also contains information to help you investigate the incident.