Access anomalies
Required permissions
- Allocations Admin, Anomalies Viewer, Cloud Analytics User
View the anomaly list
To view the list of detected cost anomalies, sign in to the DoiT console, select Monitor from the top navigation menu, and then select Cost anomalies.

On the Cost anomalies page, you can:
- Change the Time range or use anomaly properties to filter the results. (The DoiT platform stores all historical cost anomalies.)
- Select Anomaly settings to adjust the sensitivity settings and manage notifications.
- Select Export to CSV to export the list of cost anomalies for custom analysis and reporting outside the DoiT console. The CSV file includes all supported properties (except thumbnail images) and preserves the sorting and filtering applied to the list.
- For each anomaly, you can review its properties, or select the View button in the Details column to view its details.
Anomaly properties
Each anomaly entry on the Cost anomalies page provides the following information (you can select the Edit icon to choose which columns to show or hide, or reorder them):
- Start Time: The beginning of the usage window when the aggregated cost exceeds the predefined threshold and is considered a potential anomaly.
  - For anomalies based on billing data, this field shows the start date (billing data time series use a daily interval, with each day starting at 00:00 UTC).
  - For anomalies based on real-time usage data, this field shows the start hour in your local time zone, based on your browser setting (real-time usage data time series use an hourly interval).
- Status: (valid for anomalies detected after December 11, 2023) Shows the status of an anomaly and whether it has been acknowledged. See Dynamic updates and acknowledge a cost anomaly for more information.
- Project/Account: See Popular dimensions: Project/Account ID. This field shows All if the anomaly was detected at service level instead of at SKU level.
- Service: See Resource metadata: Service.
- SKU: The Stock Keeping Unit of a service. See Resource metadata: SKU. This field shows All if the anomaly was detected at service level instead of at SKU level. (Starting May 21, 2025, the near real-time anomaly detection works solely at the service level.)
- Source: The source data that the cost anomaly was based on.
  - Billing data: The anomaly was detected using billing data by the cloud provider.
  - Real-time usage data: The anomaly was detected using estimated on-demand costs based on usage data derived from AWS CloudTrail events.
- Severity: The severity level of the anomaly: Information, Warning, or Critical. DoiT defines the three severity levels in accordance with the extent to which the actual cost deviates from the established pattern.
- Cost of anomaly: The difference between the actual cost and the maximum cost in the normal range.
- Allocation: The allocation rule that defines the group of cloud resources in which the anomaly was detected. Note that anomaly detection for custom allocations supports billing data only.
- Anomaly: A thumbnail image of the anomaly chart.
Anomaly sensitivity settings
When evaluating whether a spend qualifies as an anomaly, one criterion is whether the spend exceeds the established normal range. The broader the range, the fewer anomalies will be identified.
To adjust the normal range, you can modify the anomaly sensitivity settings:
- From the Anomaly settings dropdown, select Anomaly sensitivity settings.
- In the Anomaly sensitivity settings dialog, review the current sensitivity settings and the audit log of the latest update, if applicable.
- Update the global sensitivity setting, or add, modify, or remove the sensitivity scale of individual services. Sensitivity settings configured at the service level always override the global setting.
- Save your changes.
The new sensitivity settings only affect evaluations performed after the change; they do not affect anomalies already identified.