Anomaly Detection Agent

Agent Description:

The Anomaly Detection Agent enables Operations and Reliability teams to identify abnormal patterns—such as unexpected spikes, drops, structural shifts, or clustered deviations—in time‑series or transactional data. It analyzes real‑time metrics against dynamically generated statistical baselines to detect departures from expected system behavior with high accuracy.

Purpose and Components
  • Purpose: This template enables organizations to proactively monitor infrastructure, applications, financial transactions, and operational KPIs by applying rolling statistical models, seasonality detection, and deviation scoring mechanisms.

    The agent improves system resilience, reduces downtime, and enhances observability maturity by distinguishing between normal variability and statistically significant anomalies.

    This agent enables organizations to:

    • Construct rolling statistical baselines
    • Model seasonality and trend shifts
    • Compute dynamic control limits
    • Detect point, spike, drop, and cluster anomalies
    • Quantify anomaly severity
    • Perform structured forensic analysis for high-risk cases

    The agent translates raw time-series data into structured anomaly intelligence and risk insights.

  • Components:
    • Baseline Constructor: Establishes statistical baselines and expected behavior ranges from raw data.
    • Statistical and Pattern Anomaly Engine: Computes deviation scores and identifies specific anomaly types (spikes, drops, clusters).
    • Deep Investigation and Root Cause Analyzer: Performs forensic causal and impact analysis for high-risk detected anomalies.
Supported Capabilities

  • Data validation and cleansing

  • Rolling mean and volatility modeling

  • Seasonality pattern detection

  • Control limit computation (2–3σ dynamic thresholds)

  • Z-score and deviation analysis

  • Spike/drop detection

  • Trend shift identification

  • Cluster anomaly detection

  • Severity classification (LOW / MEDIUM / HIGH / CRITICAL)

  • Structured forensic reporting

LLM Used

  • OPENAI GPT_4O_MINI

    Note: To learn more about the LLM and to modify its behavior, refer to the Configuring LLM settings section.

Sub-Agents

1. Baseline Constructor

  • Role:Baseline Model Builder

  • Scope:Prepares dataset and establishes statistical baseline and expected behavior ranges.

  • Description: Validates dataset integrity, removes duplicates and null values, sorts chronologically, detects missing intervals, and computes rolling statistics (mean, standard deviation, median, IQR, trend slope, seasonality). Defines expected_value and upper/lower control limits based on anomaly sensitivity level. Outputs enriched dataset without flagging anomalies.

  • LLM Used: Default (Inherits from parent agent).

2. Statistical and Pattern Anomaly Engine

  • Role: Anomaly Detector

  • Scope: Identifies point, contextual, spike, drop, trend, and cluster anomalies.

  • Description:Computes z-score, deviation percentage, spike ratios, volatility shifts, and anomaly scores. Classifies anomaly types and determines severity level (LOW / MEDIUM / HIGH / CRITICAL). Outputs structured anomaly summary without generating alerts or mitigation plans.

  • LLM Used: Default (Inherits from parent agent).

3. Deep Investigation and Root Cause Analyzer

  • Role: Forensic Analysis Engine

  • Scope: Performs advanced causal and impact analysis for detected anomalies.

  • Description:Analyzes affected segments, temporal propagation, risk level, and operational impact. Generates structured forensic report including mitigation and monitoring improvement recommendations when anomaly_presence is TRUE.

  • LLM Used: Default (Inherits from parent agent).

Tools Used:

  • Request – Get- Retrieves dataset input parameters and time-series data in JSON format for baseline construction.

Note: For details on modifying the Tools, refer Tools Library section.
Agent Workflow Behavior Summary

  1. Input:

    The user provides dataset_name and anomaly configuration parameters.

  2. Baseline Constructor:

    o Validates dataset

    o Computes rolling statistics

    o Detects seasonality

    o Establishes control limits

    o Outputs baseline-enriched dataset

  3. Statistical & Pattern Anomaly Engine:

    o Computes anomaly scores

    o Detects anomaly types

    o Classifies severity

    o Outputs anomaly summary

  4. Deep Investigation & Root Cause Analyzer:

    o Triggered if anomaly_presence = TRUE

    o Performs structured forensic analysis

    o Outputs impact and mitigation recommendations

Sample Questions:
  • Run anomaly detection on dataset payment_service_cpu_usage.
  • Analyze dataset payment_service_cpu_usage and generate anomaly summary.
  • Detect and classify anomalies for the last 2 hours in payment_service_cpu_usage.
  • Evaluate payment_service_cpu_usage for abnormal behavior and determine severity.