Anomaly Detection
Automatic z-score anomaly detection for data quality monitoring
Sling automatically detects anomalies in your monitored metrics using z-score analysis over historical data. No extra configuration is needed — just enable the metrics you care about and Sling will alert you when values deviate significantly from their historical baseline.
How It Works
After collecting sufficient historical data, Sling calculates a baseline (mean and standard deviation) from recent metric values. Each new value is compared against this baseline by computing a z-score:
z-score = |current_value - mean| / standard_deviation
When the z-score exceeds the configured threshold (default: 3.0), an anomaly event is fired — either a spike (value significantly higher than expected) or a drop (value significantly lower than expected).
Requirements
Anomaly detection activates automatically once sufficient history is available:
Minimum data points: 7 (number of historical measurements needed)
Minimum history days: 7 (days of data collection before detection begins)
Lookback window: 30 days (how far back to look when computing the baseline)
All parameters are configurable via the anomaly_detection block.
Anomaly detection begins automatically after collecting at least 7 data points over at least 7 days. Until then, metrics are tracked but no anomaly events are fired.
What Gets Checked
Object-level: Row count changes are checked automatically when row_count: true is set.
Column-level: Any column metric you enable is tracked for anomalies over time. This includes count, null_count, count_distinct, min_max_mean, percentile, size, and others.
Validation rules: Violations from accepted_values, rejected_values, regex_match, and regex_not_match are also reported as anomaly events.
Configuration
Use anomaly_detection in defaults or per object to tune detection sensitivity:
z_score_threshold (float, default 3.0): Z-score threshold — lower values are more sensitive
min_history_points (int, default 7): Minimum data points before detection activates
min_history_days (int, default 7): Minimum days of history required
history_days (int, default 30): Lookback window for baseline calculation
Per-object settings override individual fields from defaults; unset fields inherit from defaults.
Event Types
anomaly_spike: Value is significantly higher than expected
anomaly_drop: Value is significantly lower than expected
anomaly_pattern_change: Overall pattern shift detected
anomaly_validation_failure: Validation rule violations detected
Severity Levels
Anomaly severity is determined by the z-score magnitude:
Low: ≥ 2.0
Medium: ≥ 3.0 (default threshold)
High: ≥ 4.0
Critical: ≥ 5.0
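The check described under How It Works, Requirements and Severity Levels, written out as an added Python example; it is not Sling's own code. The use of the sample standard deviation, the handling of a zero standard deviation, measuring history days from the oldest point in the lookback window, and the row counts are assumptions made for illustration.

```python
from datetime import datetime, timedelta
from statistics import mean, stdev

# Severity bands from the Severity Levels section, highest first.
SEVERITY = [(5.0, "critical"), (4.0, "high"), (3.0, "medium"), (2.0, "low")]


def check_metric(history, current, now, z_score_threshold=3.0,
                 min_history_points=7, min_history_days=7, history_days=30):
    """history is a list of (timestamp, value); returns None or an event dict."""
    # Only values inside the lookback window feed the baseline.
    cutoff = now - timedelta(days=history_days)
    window = [(ts, v) for ts, v in history if cutoff <= ts < now]
    if len(window) < min_history_points:
        return None  # still collecting: tracked, but no events
    # Assumption: "history days" is the age of the oldest point in the window.
    oldest = min(ts for ts, _ in window)
    if now - oldest < timedelta(days=min_history_days):
        return None  # enough points, but not spread over enough days

    values = [v for _, v in window]
    mu = mean(values)
    sigma = stdev(values)  # assumption: sample standard deviation
    if sigma == 0:
        # Assumption: a perfectly flat baseline is skipped, not divided by.
        return None

    z = abs(current - mu) / sigma
    if z <= z_score_threshold:
        return None
    event = "anomaly_spike" if current > mu else "anomaly_drop"
    # The page names no level below 2.0, so severity is None there.
    severity = next((name for floor, name in SEVERITY if z >= floor), None)
    return {"event": event, "z_score": round(z, 2), "severity": severity}


# Constructed sample: ten daily row counts (mean 1000, std dev about 6.63).
NOW = datetime(2024, 3, 11)
COUNTS = [1000, 1010, 990, 1005, 995, 1000, 1008, 992, 1003, 997]
HISTORY = [(NOW - timedelta(days=10 - i), c) for i, c in enumerate(COUNTS)]

if __name__ == "__main__":
    for today in (1010, 1015, 975, 1028, 1040):
        print(today, check_metric(HISTORY, today, NOW))
```

A value of 1015 passes at the default threshold but is reported once `z_score_threshold` is lowered to 2.0, which is the sensitivity trade-off the Configuration section describes.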
Examples
Default Detection
Enable metrics and let Sling handle anomaly detection with default settings:
Custom Thresholds
Set a lower z-score threshold for sensitive tables:
Longer History Window
For data with seasonal patterns, use a longer lookback window:
Notifications
Enable On Anomaly in your monitor job's notification settings to receive alerts when anomalies are detected. Notifications can be sent via email, Slack, Discord, or Microsoft Teams.
Notification settings are configured per monitor job on the Sling Platform. See the Platform documentation for details on setting up notification channels.