For CPU alert if it stays at X%, how to generate alerts if its value changes to Y%(up) or Z%(down), It would be useful to identify spikes it due to schedule task or malicious activity.
Rather than use specific static values such as 80% and 90% to alert on you can alert when a metric such as CPU% reaches its warning or critical threshold. The values can be calculated from a baseline after 7 days of data collection and be configured to be dynamic.
Here are some good references which explain the process in more detail.
Create an alert when response time exceeds warning or critical thresholds (solarwinds.com)
Baselines and baseline calculations in the Orion Platform (solarwinds.com)
Thresholds in the Orion Platform (solarwinds.com)
Thanks @tony.johnson
We are looking more into pattern matching and behavior change.
for the example CPU alert, it should not be compared with absolute number , dynamic baseline is close to it , but that baseline is the average of last week data, we need real time dynamic monitoring, means if CPU spikes suddenly up or down, lets say 10%, an alert should be created.
