Contact Support

Anomalies

Anomalies Detection Overview

Finout's advanced algorithms analyze historical data to pinpoint cost anomalies within your MegaBill. Finout identifies both cost increases and decreases, allowing you to quickly investigate the reason for any deviations from your regular spending. In addition, you can monitor these anomalies within Finout or receive anomaly updates directly via Slack, MS Teams, ServiceNow (coming soon), or email.

For comprehensive tracking, Finout scans your most frequently used tags, services, cost centers, and virtual tags. Each newly created virtual tag includes an anomaly scan to ensure you get a holistic view of your data.

The following anomalies are tracked automatically:

  • AWS: Regions, Tags, Sub Service, Account Name, Entity Name, Charge Type, Instance Type

  • Azure: Service, Meter Region, Meter Sub Category, Service Family, Consumed Service

  • GCP: Project ID, Labels

  • Global: Cost Center

  • Kubernetes: deployment, demonset, k8s_namespace, cronjob, Pod Labels

  • SnowFlake: query_tag, table_name, cost type, warehouse_name, user name, account

  • DataDog: Product, organization, Sub-Product

  • All Virtual Tags

Differentiating between anomaly types:

Pre-defined anomalies: These are anomalies identified by Finout for significant cost groups and filters. You have the option to modify these to better fit your specific requirements. For guidance on customizing these anomalies, please see the manage anomalies section.

Custom anomalies: Customize your cloud cost anomaly detection to meet your team's unique needs. You can set your own rules, thresholds, and patterns to align with your specific cost management strategies. Custom anomalies offer the flexibility to pinpoint and tackle cost inconsistencies that are most pertinent to your team. For instructions on creating custom anomalies, refer to the create custom anomalies secton.

There are three main functions in Anomalies:

Anomalies Feed

In the Anomalies Feed, you can see all of your anomalies and filter, investigate, and manage them.

  1. Filters:

    • Timeframe

    • Anomaly threshold: Filter anomalies based on specific thresholds. For example: Set a threshold of over 20% will display all anomalies exceeding this limit.

    • Anomaly type: Select from re-defined or custom anomaly types.

    • Cost center: Select a cost center.

    • Key: Select a Key.

    • Value: Select a value.

  2. Search Anomalies: Use free text search to find anomalies based on various terms or descriptions.

  3. Create Anomaly Alert: To create an Anomaly Alert, see Create Custom Anomalies.

  4. Anomaly Settings: Add a default endpoint:

    1. In the Anomalies Feed, click and then click Anomalies Settings. The Anomalies Settings pop-up appears.

    2. Choose a default endpoint and click Save.

      Note: If a default endpoint has been created, all anomaly alerts will automatically be directed to that channel. Should you require a specific alert to be sent to an alternate endpoint, you can customize this preference by adjusting the settings of that particular alert in the edit anomaly section.

    To delete a default endpoint:

    1. In the Anomalies Feed, click and then click Anomalies Settings. The Anomalies Settings pop-up appears.

    2. Click X on the default endpoint you would like to delete.

  5. Clear Anomalies Feed:

    Important: Proceed with caution, this action will clear the whole anomalies feed. Clearing the feed will remove these notifications, and they won't be available for future reference.

    In the Anomalies Feed, click and then click Clear anomalies feed.

  6. Anomaly information: Information regarding a single Anomaly Alert.

  7. Investigate: Clicking Investigate opens MegaBill in a new tab with the anomaly configuration (filters) already populated.

  8. Delete an Anomaly:

    1. In the Anomalies Feed, click Delete in a select Anomaly.

    2. Click Yes.

  9. Add a Comment:

    1. In the Anomalies Feed, click Add Comment in a select Anomaly.

    2. Write a comment and click Save.

  10. Create a Jira issue.

Create Custom Anomalies

When setting up a custom anomaly alert in Finout, you have two choices: create a single anomaly for a particular cost dimension or generate multiple anomalies simultaneously with a single action.

  1. Navigate to Anomalies.

  2. Select Create Anomaly Alert.

  3. Assign an Alert Name to your custom anomaly.

  4. Under Alert Values, select a group of values and apply a cost filter to define the parameters of the anomaly detection scan.

    • Select View: Choose a view from a list of your created views.

    • Filters: Specify the anomaly using cost filters. For example, setting a filter for ‘us-east-1’ will create an anomaly for AWS services only within that region.

    • Group by: Select a MegaBill key, creating anomalies for all items within that group. For instance, selecting ‘AWS Services’ will generate anomalies for each AWS service.

  5. Under Alert Thresholds, select the Sensitivity Threshold to specify the alert trigger based on either a percentage or a specific dollar amount.

Sensitivity Threshold: The sensitivity threshold in anomaly detection is designed to help you fine-tune when alerts are triggered. This threshold enables the definition of anomaly parameters based on your operational norms. Default settings include a $20 minimum for cost changes and a 20% deviation from average costs. To detect smaller fluctuations, you could reduce the dollar threshold below $20 or the percentage below 20%. Alternatively, to focus on more substantial anomalies, increase these thresholds above the default values. Adjust these settings to match the level of sensitivity that aligns with your monitoring needs and cost management strategy.

  • After defining your group and filters, the associated values will appear. You have the option to activate or deactivate each value, allowing you to refine the anomaly alert parameters, making sure it matches exactly what you're looking for.

  • A reference point indicating the average daily cost over the last 30 days is provided to guide your threshold setting, reflecting recent spending trends.

  • An explanatory sentence will provide clarity on the chosen anomaly alerting conditions.

  • Set an anomaly threshold for every value in the group.

    When selecting to create a threshold for each value, you'll have the opportunity to specify the cost change and sensitivity threshold individually for each value.

  1. Alert Endpoints (Optional) - Easily integrate notifications via Slack, MS Teams, ServiceNow (coming soon), or Email. Simply select the desired endpoint (Slack, MS Teams, ServiceNow -coming soon, or Email) to start receiving anomaly alerts. Make sure the configuration for your chosen notification method is completed beforehand.

    1. Set a default endpoint for this anomaly. If no endpoint is defined for a group-by value, the alert for that value will be sent to this default endpoint. If no default endpoint is set, the alert will be sent to the endpoint specified in the anomalies settings.

    2. Enable sending alerts to endpoints based on group-by values:

      1. Toggle-on Send alerts to endpoints per group of values.

      2. Select an endpoint - There are three options:

        1. Default endpoint - Don't toggle on a virtual tag. just use the default endpoint you chose in step a.

        2. Metadata endpoints and selected endpoints -

          1. Toggle on a virtual tag. This will automatically send Alerts to its associated Metadata endpoints.

          2. Click Select Endpoint and add any additional endpoints to send the alert.

        3. Selected endpoints only -

          1. Toggle on a virtual tag.

          2. Click next to the default endpoint to disable it for this alert.

          3. Click Select Endpoint and add any additional endpoints to send the alert.

          4. Click Save.

            Note: If no endpoint is set for a group-by value, the alert will be sent to the default endpoint.

  1. Select the Time Interval for monitoring the anomaly. (The step is coming soon)

  1. Click Save to create the anomaly.

After saving the anomaly, your anomaly will appear under the Manage Anomaly tab. This tab displays a comprehensive table of both custom-created and pre-defined anomalies generated by Finout.

Within the table, each anomaly entry provides:

  • Type: Custom anomaly or pre-defined

  • Threshold

  • Interval

  • Endpoint

  • Activated or deactivated: Indicating if the anomaly is activated or deactivated.

Manage Anomalies

Deleting, Editing, or Duplicating an Anomaly

  1. Navigate to Anomalies.

  2. Select the Manage Anomalies tab.

  3. Search for the relevant anomaly: Use the search bar for a direct query or apply filters to narrow down results.

  4. Select (⋮) beside the relevant anomaly and choose either Edit alert, Delete alert, or Duplicate alert.

  5. If you choose to duplicate, set a name for the duplicated anomaly and adjust all fields accordingly.

Note: Pre-defined anomalies can be customized to suit your needs. You have the flexibility to edit the group values by toggling them on or off, ensuring they meet your specific requirements.

When you modify a predefined anomaly, a new custom anomaly is created with the revised settings, and the original predefined anomaly is deactivated.

PreviousCommitments LogNextCostGuard

Last updated

Still need help? Please feel free to reach out to our team at support@finout.io.