Skip to main content

Anomalies

Anomaly - Something that deviates from what is standard, normal or expected.

About Anomalies

Vega's anomaly detection functionality provides businesses with a comprehensive tool to monitor and analyze their expenditure patterns in real-time. By employing advanced algorithms and data analytics, this dashboard swiftly identifies and flags any irregularities or deviations from established spending norms. Such anomalies might suggest inefficiencies, unexpected charges, or even fraudulent activities. By detecting these variances early on, organizations are empowered to take proactive measures, ensuring optimal financial management and safeguarding their resources. The intuitive visual representation of data on these dashboards also facilitates quick decision-making, enabling businesses to maintain control over their financial health and drive cost efficiencies.

Anomalies Dashboard

Anomalies Dashboard

Anomalies Dashboard Filtering

Anomalies Dashboard Filtering

How Vega Anomaly Detection Works

The goal of Vega anomaly detection is to be able to identify and notify about spikes in Cloud spend or usage. Our methodology for this will be to determine a baseline spend over the previous 7 days and then identify anything that is over a certain threshold (default is 10%) as an anomaly.

Our model looks at every one of the previously completed 50 days to determine to show a historical trend of anomalies. In addition, we exclude CUD Purchases, Marketplace Purchases, Private Discounts, Credits, Taxes and Support Fee.

The anomalies that we identify fall into three types and several “flags.” The anomaly report will focus on the Type you select, and then you may choose to multi-select filters for Flags to include or exclude from your analysis. Vega defaults to Net-Fiscal type and Anomaly Spike flag.

Anomaly Types:

  • OnDemand - An anomaly in OnDemand spend.
  • Net Fiscal - An anomaly in Net Fiscal spend.
  • Usage - An anomaly in total usage.

Anomaly Flags:

  • Anomaly Spike - Anything where the current day spend is 10% (or whatever threshold the user defines in the controls) greater than the average spend over the past seven days.
  • AutoParking Schedule Spike - If the object that is being billed operates under an “Instance Hour” type model then we check to see if the previous week spend is analogous to the current day’s spend, if they are within 3% of each other then we’re claiming it is not a spike but an autoparking schedule working as expected.
  • Flattening Spike - If the object is considered an Anomaly but the spend is trending downward (usually this indicates that whatever caused the Anomaly has been fixed) then we will call it Flattening as a way to reduce false positives.
  • Monthly Billing Spike - There are some products which bill on a monthly basis, these will have a billing type of Month, in which case we check for the previous month amount, and then do our generic Anomaly Testing.
  • Weekly Job Spike - Some non-Instance Hour objects still bill more or less frequently depending on the resources they support, for example a CloudWatch log for an autoparked EC2 instance will mimic the autoparking schedule. So we do nearly identical logic as the autoparking type, but just for all objects.

Additionally in the Vega controls interface, users have the ability to dynamically change the granularity, anomaly threshold and baseline amounts that they wish to see in their graphs, charts and tables.

FAQ

  • Does Vega do anything to reduce "noise" from the events so that we can focus on anomalies that matter?
    • A: Yes. In addition to the Flag filters that can be toggled active or inactive above, Vega filters out what would be considered "normal" events. Normal events include amounts less than or equal to 10%, or events that do not result in negative impacts to cost (CUD Purchases, Marketplace Purchases, Private Discounts, Credits, Taxes and Support Fee.)
  • Does Vega send alert Notifications based on these anomalies?
    • A: Yes. Vega will alert users of Anomalies on a daily basis. Vega is mindful on providing anomaly notifications that are focused and impactful to avoid "alert fatigue" which can cause important events to go unnoticed.
  • How frequently does Vega poll data for generating anomaly alerts?
    • A: Vega polls your data providers hourly for usage metrics and merges this data with your provider bills at the cadence they release cost data.
  • Can Anomalies be accessed via the API?
    • A: Yes, users with API access will be able to query for Anomaly events for resources based on their roles and permissions configured in the Vega platform
  • Can Vega customize the look-back periods for my use case in the anomaly model?
    • A: We're working on this and our product team would love to hear from you!