zAware interval anomaly data
zAware interval anomaly data is applicable only on the IBM® Operations Analytics - Log Analysis platform. The IBM zAware data gatherer, a component of IBM Z Operations Analytics on the Log Analysis platform, gathers this data from IBM z Advanced Workload Analysis Reporter (IBM zAware) and sends it to IBM Z Operations Analytics.
zAware interval anomaly data is provided as a z/OS® SYSLOG data source of type
zOS-Anomaly-Interval.
Annotated fields for zAware interval anomaly data
| Field | Description | Data type |
|---|---|---|
IntervalAnomaly |
A double value that indicates the anomaly score for the interval. The score is the percentile of the sum of each anomaly score for individual message IDs within the interval. | Double |
IntervalEndTime |
The time, based on Coordinated Universal Time (UTC), that indicates the end of
an interval for which the log messages that are produced are used to generate the anomaly record.
The format is YYYY-MM-DDTHH:mm:ss.sssZ. |
Date |
IntervalIndex |
An integer that indicates the sequence number of this interval within the specified date. Each index represents a 10-minute period. | Long |
IntervalStartTime |
The time, based on UTC, that indicates the start of an interval for which log
messages that are produced are used to generate the anomaly record. The format is
YYYY-MM-DDTHH:mm:ss.sssZ. |
Date |
LimitedModelStatus |
An indication of whether the model that is used to calculate the anomaly score
for this interval is a limited model. The following values are valid:
|
Text |
ModelGroupName |
The name of an analysis group. Each analysis group is associated with one or more systems from which the logs are used to create a single model. | Text |
NumMessagesNeverSeenBefore |
An integer that indicates the number of message IDs that were issued during this analysis interval for the first time but were never seen in any previous analysis interval or in the current model. | Long |
NumMessagesNotInModelFirstReported |
An integer that indicates the number of message IDs that are not in the model and were issued during this analysis interval for the first time. | Long |
NumMessagesUnique |
An integer that indicates the number of unique message IDs that were issued during this analysis interval. | Long |
SysplexName |
The sysplex name | Text |
SystemName |
The system name | Text |
timestamp |
The time, based on UTC, that indicates the end of the interval record. This
time is equivalent to the value for the IntervalEndTime field. When you search for
interval anomaly scores that are based on a time stamp, ensure that you search for the end time of
the interval record. The format is YYYY-MM-DDTHH:mm:ss.sssZ. |
Date |
zAwareServer |
The hostname or IP address of the IBM z Advanced Workload Analysis Reporter (IBM zAware) server from which the interval anomaly data is retrieved. | Text |