Metrics Advisor

Metrics Advisor is an Azure Cognitive Service that uses AI to automate the detection of anomalies in time series data. The service can ingest metric data from various sources (e.g. Azure Data Lake Storage, Azure Cosmos DB, Azure SQL Database, etc.), use machine learning to automatically find outliers, and provide diagnostic insights to aid root cause analysis.

Once Metrics Advisor has been deployed within an Azure subscription, there are two methods of interfacing with the service:

  • SDK (C#, Python, Java, JavaScript, REST API)

  • Web-Based Workspace (GUI)

 
 

Example Use Cases

  • Prevent fraudulent credit card activity that deviates from historical norms.

  • Identify unusual behavior of equipment in a manufacturing plant using sensor data.

  • Develop an intrusion detection system by monitoring web application logs.

  • Identify anomalies in stock markets which may indicate market manipulation.

 
 

High-Level Process

  1. Ingest: Onboard time-series data.

  2. Configure: Fine-tune detection configurations & subscribe to real-time anomaly alerts.

  3. Analyse: Diagnose incidents & identify key contributors.

 
 

Features

  • Data Ingestion: Ability to ingest metric data from a variety of sources (e.g. Azure Data Lake Storage, Azure Cosmos DB, Azure SQL Database, etc.).

  • Automated model selection: Metrics Advisor automatically selects the best model for your data, no machine learning expertise required.

  • Support for multi-dimensional metrics: For example, a metric Revenue could have a dimension Category with values Food, Apparel, etc., which would allow viewing either Revenue across all categories or for each category individually.

  • Alerts: Send real-time alerts through multiple channels (Email, Web API, Azure DevOps).

  • Automated root cause analysis: Metrics Advisor will try to provide automatic suggestions for likely causes of an incident. Note: If a metric has no dimensions, the root cause will be itself.

  • Incident Tree: Manual root cause analysis by drilling up or down a metric based on the associated dimensions.

  • Feedback: Add feedback to one point or multiple points that will affect future predictions (e.g. should or shouldn’t be an anomaly).

  • Metrics Graph: While Metrics Advisor monitors each metric independently, some metrics may relate to one another. Create a visual graph structure to show the relationships between related metrics.

 
 

Recommended Minimum Data Volumes

The recommended minimum amount of historical data for Metrics Advisor to perform accurate anomaly detection is shown below. The duration varies with the granularity of your data (minutes, hours, days, months, etc.).

Granularity | Recommended Amount of Data
< 5 minutes | 4 days of data
5 mins to < 1 hour | 28 days of data
> 1 day to 31 days | 4 years of data
> 31 days | 48 years of data

Historical Anomaly Detection

Metrics Advisor will only perform anomaly detection on data points after a certain earliest timestamp. How far back this reaches varies with the granularity of your data.

Granularity | Onboard Time
< 5 minutes | 13 hours
5 mins to < 1 hour | 4 days
> 1 hour to < 1 day | 14 days
1 day | 28 days
> 1 day to 31 days | 2 years
> 31 days | 24 years


Ingestion Options

By default, Metrics Advisor will ingest new data points based on the specified granularity of the data feed (e.g. a daily data feed will be ingested one day after its timestamp). Note: This ingestion time can be shifted (forwards or backwards) by altering the Ingestion Time Offset parameter. See documentation for more details.

Granularity | Min Retry Interval | Stop Retry After
Hourly, Custom (< 1 Day) | 10 mins | 72 hours
Daily, Custom (>= 1 Day), Weekly, Monthly | 30 mins | 7 days
Yearly | 1 day | 7 days

Data Schema Requirements

Metrics Advisor accepts tables of aggregated data which adhere to the following schema requirements.

Attribute | Required | Cardinality | Type | Format
Measure | Required | 1 or more | Numeric |
Timestamp | Optional | 0 or 1 | DateTime or String | yyyy-MM-ddTHH:mm:ssZ
Dimension | Optional | 0 or more | Categorical |
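
A pre-onboarding check for the schema requirements above, as an added example that is not part of the original article or of Metrics Advisor itself. The function name `validate_feed`, the sample rows, and the decisions to reject NaN/infinite measures and blank dimension values are assumptions made for illustration.

```python
import csv
import io
import math
from datetime import datetime

TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"  # strptime form of yyyy-MM-ddTHH:mm:ssZ

# Constructed sample rows using the Revenue/Category example from the Features list.
SAMPLE = """\
timestamp,Category,Revenue
2020-11-06T00:00:00Z,Food,1200.50
2020-11-06 00:00:00,Apparel,830
2020-11-07T00:00:00Z,Food,n/a
2020-11-07T00:00:00Z,Apparel,nan
"""


def validate_feed(csv_text, measures, timestamp=None, dimensions=()):
    """Return a list of schema violations; an empty list means the feed conforms."""
    errors = []
    if not measures:
        errors.append("schema: at least one measure column is required")
    reader = csv.DictReader(io.StringIO(csv_text))
    wanted = list(measures) + list(dimensions) + ([timestamp] if timestamp else [])
    missing = [c for c in wanted if c not in (reader.fieldnames or [])]
    if missing:
        return errors + [f"schema: missing column(s) {missing}"]
    for n, row in enumerate(reader, start=2):  # line 1 is the header
        for col in measures:
            try:
                if not math.isfinite(float(row[col])):  # assumption: reject nan/inf
                    raise ValueError
            except (TypeError, ValueError):
                errors.append(f"line {n}: measure {col}={row[col]!r} is not numeric")
        if timestamp:
            try:
                datetime.strptime(row[timestamp], TS_FORMAT)
            except (TypeError, ValueError):
                errors.append(f"line {n}: timestamp {row[timestamp]!r} is malformed")
        for col in dimensions:
            if not (row[col] or "").strip():  # assumption: blank category is an error
                errors.append(f"line {n}: dimension {col} is empty")
    return errors


if __name__ == "__main__":
    for problem in validate_feed(SAMPLE, ["Revenue"], "timestamp", ["Category"]):
        print(problem)
```

Running it against the sample flags the space-separated timestamp on line 3 and the non-numeric measures on lines 4 and 5, which is the kind of silent data-quality gap that otherwise shows up later as missing or misleading anomalies.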

Supported Data Sources

  • Azure Application Insights

  • Azure Blob Storage (JSON)

  • Azure Cosmos DB (SQL)

  • Azure Data Explorer (Kusto)

  • Azure Data Lake Storage Gen2

  • Azure SQL Database | SQL Server

  • Azure Table Storage

  • Elasticsearch

  • HTTP Request

  • MongoDB

  • MySQL

  • PostgreSQL

  • Local files (CSV)


Anomaly Detection Demo: S&P 500 Index

The S&P 500 is a popular stock market index that measures the performance of 500 large companies listed on stock exchanges in the United States. This demo will show how you can onboard this data and subscribe to receive alerts when Metrics Advisor detects an anomaly (e.g. close price drops unexpectedly).

Required Azure Resources

  • Resource Group

  • Metrics Advisor

  • Azure SQL Database

Data Source

  • Data Source: Yahoo Finance

  • Granularity: Daily

  • Metric: Close

  • Time Period: 2000-01-01 till 2020-11-06

1. Prepare Data Feed

  1. Create an Azure SQL Database (e.g. Type: Single Database, Service Tier: General Purpose, Compute Tier: Serverless).

  2. Create a stocks table.

  3. Populate the table with this sample data: SQL | CSV.

CREATE TABLE stocks (
    trading_date datetime,
    close_price decimal(11,6)
);

2. Onboard Time-Series Data

  1. Navigate to the Metrics Advisor Workspace

  2. From the Metrics Advisor navigation bar, click Add data feed

  3. Populate the Connection settings

    • Source Type: Azure SQL Database

    • Granularity: Daily

    • Ingest Data Since: 2020-01-03

    • Authentication Type: Basic

    • Connection String: Copy/paste this value from your Azure SQL Database resource under Connection strings

    • Query: select * from stocks where trading_date >= @StartTime and trading_date < dateadd(DAY, 1, @StartTime)

    • Data Feed Name: Stocks

  4. Set the Schema configuration

    • Measure: close_price

    • Timestamp: trading_date

  5. Click Submit

Note: This will initiate the model building/enrichment process which can take several minutes to hours to complete depending on the volume of data being ingested.


3. Browse Series (Metric)

  1. From the Metrics Advisor navigation bar, click Data feeds

  2. Click the arrow to expand the Stocks data feed to reveal the metrics

  3. Click close_price

  4. Update the calendar picker to return data between 2020-01-01 and 2020-11-08

Note: As this example uses data with Daily granularity, Metrics Advisor will only run historical anomaly detection on the last 28 days. Significant dips in the S&P 500, such as the one in March 2020 due to the pandemic, are therefore not detected because they fall outside the historical onboarding window.

4. Create a Hook

A hook is an action on an external service that can be triggered when an alert is raised. Metrics Advisor currently supports three types of hooks: Email, Web (HTTP), and Azure DevOps.

  1. From the Metrics Advisor navigation bar, click Hooks

  2. Click Create hook

  3. Populate the hook properties

    • Hook Type: Email

    • Name: e.g. Contoso Distribution List

    • Email to: e.g. support@contoso.com

    • External Link: e.g. https://www.taygan.co

    • Customized anomaly alert title: e.g. Anomaly Detected: ${datafeedName}, ${metricName}

  4. Click OK

Note: Email settings will need to be configured as a pre-requisite before Metrics Advisor can send alerts via email. In order to make this menu item visible, the Cognitive Services Metrics Advisor Administrator role needs to be assigned (Metrics Advisor > Access Control (IAM) > Add role assignment > Cognitive Services Metrics Advisor Administrator). See documentation for more detail.


5. Create an Alert Configuration

  1. From the Metrics Advisor navigation bar, click Data feeds

  2. Click the arrow to expand the Stocks data feed to reveal the metrics

  3. Click close_price

  4. Under Alerting configurations, click the plus symbol

  5. Provide a Configuration name (e.g. All Stock Anomalies)

  6. Select a Hook (e.g. Contoso Distribution List)

  7. Click Save

6. Create an Anomaly (Update SQL DB)

Insert a record into the Azure SQL Database that will be picked up by Metrics Advisor in the next ingestion run to force an anomaly to be detected (i.e. INSERT a value into the STOCKS table that is significantly low).

INSERT INTO stocks VALUES('2020-11-09 00:00:00.000', 2500)
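
How the data feed query from step 2 carves the table into one window per ingestion run, and why the row inserted above surfaces only in the run for 2020-11-09. This is an added example, not code from the original article: it replays the query against an in-memory SQLite database, so `dateadd(DAY, 1, @StartTime)` is rewritten as `date(:StartTime, '+1 day')`, and the first two sample rows and the helper names are constructed for illustration.

```python
import sqlite3
from datetime import date, timedelta

# Feed query from step 2, adapted to SQLite (assumption: Metrics Advisor itself
# runs the T-SQL form and substitutes @StartTime once per granularity step).
FEED_QUERY = """
    SELECT trading_date, close_price FROM stocks
    WHERE trading_date >= :StartTime
      AND trading_date < date(:StartTime, '+1 day')
"""

# Constructed sample rows; the last one is the forced anomaly from step 6.
SAMPLE_ROWS = [
    ("2020-11-05 00:00:00.000", 3510.45),
    ("2020-11-06 00:00:00.000", 3509.44),
    ("2020-11-09 00:00:00.000", 2500.0),
]


def ingest_run(conn, start_time):
    """Rows a single scheduled ingestion would pull for the given @StartTime."""
    params = {"StartTime": start_time.isoformat()}
    return conn.execute(FEED_QUERY, params).fetchall()


def simulate(rows, first_day, days):
    """Replay `days` consecutive daily ingestion runs starting at `first_day`."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE stocks (trading_date TEXT, close_price REAL)")
    conn.executemany("INSERT INTO stocks VALUES (?, ?)", rows)
    runs = {}
    for offset in range(days):
        day = first_day + timedelta(days=offset)
        runs[str(day)] = ingest_run(conn, day)  # half-open window [day, day + 1)
    conn.close()
    return runs


if __name__ == "__main__":
    for start, pulled in simulate(SAMPLE_ROWS, date(2020, 11, 5), 5).items():
        print(start, pulled)
```

The half-open window means every row is pulled by exactly one run, and the weekend runs (2020-11-07 and 2020-11-08) return nothing.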

7. Diagnose Incident (Incident Hub)

  1. From the Metrics Advisor navigation bar, click Incident hub

  2. Click Diagnose under Action

  3. Toggle between the Diagnostic tabs (e.g. Metrics drill-down) to perform root-cause analysis

Note: If a metric has no dimensions, the root cause will be itself.

Resources

API Reference

Method | Name | API
POST | Create a new data feed | dataFeeds
POST | Create a new hook | hooks
POST | Create a new metric feedback | feedback/metric
POST | Create anomaly alerting configuration | alert/anomaly/configurations
POST | Create anomaly detection configuration | enrichment/anomalyDetection/configurations
DELETE | Delete a data feed | dataFeeds/{dataFeedId}
DELETE | Delete a hook | hooks/{hookId}
DELETE | Delete anomaly alerting configuration | alert/anomaly/configurations/{configurationId}
DELETE | Delete anomaly detection configuration | enrichment/anomalyDetection/configurations/{configurationId}
GET | Get a data feed by its id | dataFeeds/{dataFeedId}
GET | Get a hook by its id | hooks/{hookId}
GET | Get a metric feedback by its id | feedback/metric/{feedbackId}
POST | Get data ingestion status by data feed | dataFeeds/{dataFeedId}/ingestionStatus/query[?$skip][&$top]
GET | Get data last success ingestion job timestamp by data feed | dataFeeds/{dataFeedId}/ingestionProgress
GET | Get latest usage stats | stats/latest
POST | Get time series data from metric | metrics/{metricId}/data/query
GET | List all data feeds | dataFeeds[?dataFeedName][&dataSourceType][&granularityName][&status][&creator][&$skip][&$top]
GET | List all hooks | hooks[?hookName][&$skip][&$top]
POST | List dimension from certain metric | metrics/{metricId}/dimension/query[?$skip][&$top]
POST | List feedback on the given metric | feedback/metric/query[?$skip][&$top]
POST | List series (dimension combinations) from metric | metrics/{metricId}/series/query[?$skip][&$top]
GET | Query a single anomaly alerting configuration | alert/anomaly/configurations/{configurationId}
GET | Query a single anomaly detection configuration | enrichment/anomalyDetection/configurations/{configurationId}
POST | Query alerts under anomaly alerting configuration | alert/anomaly/configurations/{configurationId}/alerts/query[?$skip][&$top]
GET | Query all anomaly alerting configurations for specific anomaly detection configuration | enrichment/anomalyDetection/configurations/{configurationId}/alert/anomaly/configurations
GET | Query all anomaly detection configurations for specific metric | metrics/{metricId}/enrichment/anomalyDetection/configurations
GET | Query anomalies under a specific alert | alert/anomaly/configurations/{configurationId}/alerts/{alertId}/anomalies[?$skip][&$top]
POST | Query anomalies under anomaly detection configuration | enrichment/anomalyDetection/configurations/{configurationId}/anomalies/query[?$skip][&$top]
POST | Query anomaly detection status | metrics/{metricId}/status/enrichment/anomalyDetection/query[?$skip][&$top]
POST | Query dimension values of anomalies | enrichment/anomalyDetection/configurations/{configurationId}/anomalies/dimension/query[?$skip][&$top]
GET | Query incidents under a specific alert | alert/anomaly/configurations/{configurationId}/alerts/{alertId}/incidents[?$skip][&$top]
POST | Query incidents under anomaly detection configuration | enrichment/anomalyDetection/configurations/{configurationId}/incidents/query[?$top]
GET | Query incidents under anomaly detection configuration | enrichment/anomalyDetection/configurations/{configurationId}/incidents/query[?$top][&$token]
GET | Query root cause for incident | enrichment/anomalyDetection/configurations/{configurationId}/incidents/{incidentId}/rootCause
POST | Query series enriched by anomaly detection | enrichment/anomalyDetection/configurations/{configurationId}/series/query
POST | Reset data ingestion status by data feed to backfill data | dataFeeds/{dataFeedId}/ingestionProgress/reset
PATCH | Update a data feed | dataFeeds/{dataFeedId}
PATCH | Update a hook | hooks/{hookId}
PATCH | Update anomaly alerting configuration | alert/anomaly/configurations/{configurationId}
PATCH | Update anomaly detection configuration | enrichment/anomalyDetection/configurations/{configurationId}