detect_anomalies
Scan monitored services for abnormal behavior by analyzing metrics and logs, returning anomalies ranked by severity for immediate triage.
Instructions
Scan one or all monitored services for abnormal behavior and return the findings ranked by severity.
When to use: the entry point for 'is anything wrong anywhere?' triage. Once a service is flagged, follow up with get_service_health for the verdict or query_metrics/query_logs for the raw evidence.
Behavior: read-only, no side effects. Applies z-score analysis to metrics, detects log error-rate spikes, and correlates the two. Returns a list of anomalies, each with the affected service, metric/signal, severity, the deviation (e.g. σ and % change), and a short explanation. No anomalies yields an empty list, not an error.
Related: get_service_health (single-service verdict), query_metrics (raw series behind a flagged metric).
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| service | No | Optional. Restrict the scan to one service (exact, case-sensitive name from `list_services`). Default: scan every monitored service. | |
| duration | No | Optional. Look-back window analyzed for anomalies, written as `<number><unit>`, where unit is one of s, m, h, d (e.g. '5m', '15m', '1h'). Default: '10m'. | |
| sensitivity | No | Optional. Detection threshold: 'low' flags only strong deviations (>3σ), 'medium' is balanced (>2σ), 'high' is most sensitive and noisier (>1.5σ). Default: 'medium'. | |
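The following added example (not the tool's own code) shows how the documented sensitivity thresholds and duration format could drive a z-score check over metric series. The baseline/window split, the `step` parameter, ranking by absolute σ, and the sample data are assumptions made for illustration; log error-rate correlation is not covered.

```python
import re
from statistics import mean, pstdev

# Thresholds taken from the sensitivity parameter's description.
SIGMA_THRESHOLD = {"low": 3.0, "medium": 2.0, "high": 1.5}
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_duration(text):
    """Parse '<number><unit>' into seconds; anything else is rejected."""
    m = re.fullmatch(r"([1-9]\d*)([smhd])", text)
    if not m:
        raise ValueError(f"invalid duration: {text!r}")
    return int(m.group(1)) * UNIT_SECONDS[m.group(2)]

def detect(series, duration="10m", sensitivity="medium", step=60):
    """series maps (service, metric) to samples, oldest first, one per `step`
    seconds. Assumption: the trailing `duration` is the window under test and
    all earlier samples form the baseline."""
    threshold = SIGMA_THRESHOLD[sensitivity]
    n = max(1, parse_duration(duration) // step)
    findings = []
    for (service, metric), values in series.items():
        baseline, window = values[:-n], values[-n:]
        if len(baseline) < 2:
            continue  # too little history to estimate a spread
        mu, sd = mean(baseline), pstdev(baseline)
        peak = max(window, key=lambda v: abs(v - mu))  # largest deviation
        if sd == 0:  # flat baseline: any change is an unbounded deviation
            z = 0.0 if peak == mu else float("inf")
        else:
            z = (peak - mu) / sd
        if abs(z) > threshold:
            pct = (peak - mu) / mu * 100 if mu else float("inf")
            findings.append({"service": service, "metric": metric,
                             "sigma": round(z, 2), "pct_change": round(pct, 1)})
    # Assumption: severity ranking is by absolute deviation in sigma.
    return sorted(findings, key=lambda f: abs(f["sigma"]), reverse=True)

# Constructed sample data: 10 baseline samples followed by a 5-sample window.
SAMPLE = {
    ("checkout", "latency_ms"): [100, 102, 98, 101, 99, 100, 103, 97, 100, 100,
                                 101, 99, 140, 150, 145],
    ("auth", "error_rate"): [10, 12, 8, 10, 11, 9, 10, 12, 8, 10,
                             10, 11, 13, 12, 10],
    ("search", "qps"): [50, 52, 48, 50, 51, 49, 50, 52, 48, 50,
                        50, 51, 49, 50, 51],
}
```

With a '5m' window, the constructed `auth` series sits at about 2.2σ, so it is reported at 'medium' and 'high' but suppressed at 'low', which is the trade-off the sensitivity parameter describes.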