The present disclosure relates to anomaly detection in systems that analyze big data to detect anomalies, and more particularly to generating alarms that notify maintenance personnel of the anomalies.
Software configuration changes, such as the installation, patch, upgrade, and removal of a software component, can have a significant impact on the performance of a computing device. Additionally, such changes may affect demands for memory resources, network resources, and storage resources. Oftentimes, IT management software is deployed and configured to detect such configuration changes and to identify the changes as anomalies in the behavior of the computing device. System administrators, for example, need this type of information to assist them in analyzing the performance of the computing device.
Conventionally, system administrators and other maintenance personnel must manually examine log files related to the detected changes to determine whether a configuration change occurred. Further, once a configuration change is detected, the system administrator must typically investigate the so-called anomaly further to determine whether the configuration change is responsible for an observed change in performance of the computing device. This process is tedious and error-prone.
Particularly, with conventional systems, a system administrator is only able to observe a change in configuration of the computing device and then correlate that change to a suspected anomaly. Conventional systems do not consider that computing devices may behave one way under one set of circumstances, but another way under another set of circumstances (e.g., a software install, upgrade, removal, patch, hardware change, and the like). Further, conventional systems do not account for the fact that the behavior of a computing device may change after a configuration change, but that such behavior may be considered normal for the configuration change. Actions such as alarm generation and corrective action are generally warranted only when the behavior of a given computing device is truly abnormal.