Skip to page contentSkip to chat
ServiceNow support
    • Community
      Ask questions, give advice, and connect with fellow ServiceNow professionals.
      Developer
      Build, test, and deploy applications
      Documentation
      Find detailed information about ServiceNow products, apps, features, and releases.
      Impact
      Accelerate ROI and amplify your expertise.
      Learning
      Build skills with instructor-led and online training.
      Partner
      Grow your business with promotions, news, and marketing tools
      ServiceNow
      Learn about ServiceNow products & solutions.
      Store
      Download certified apps and integrations that complement ServiceNow.
      Support
      Manage your instances, access self-help, and get technical support.
Operation Intelligence: How Anomaly score calculates in Anomaly alerts - Support and Troubleshooting
  • >
  • Knowledge Base
  • >
  • Support and Troubleshooting (Knowledge Base)
  • >
  • Operation Intelligence: How Anomaly score calculates in Anomaly alerts
KB0864807

Operation Intelligence: How Anomaly score calculates in Anomaly alerts


793 Views Last updated : Jul 24, 2025 public Copy Permalink
KB Summary by Now Assist

Issue

Operation Intelligence: How Anomaly score calculated in Anomaly alerts?

Resolution

We calculate using the schedule job "Operational Intelligence - Process Stale Anomaly Score - Daily" , This calls the script from backend processStaleAnomalyScore();

https://<instance-name>.service-now.com/sysauto_script.do?sys_id=1fefd90453423200f6aceca7e3dc3479

  1. Our models predict a range of normal operating values for a metric. When a metric deviates from this range, we examine both the size of that deviation and the duration of the deviation and use these to compute a score that lies between 0 and 10.
  2. A very large deviation from the normal range will result in a critical score (near 10) in very few observations. A period of 30-40 minutes of observations that are barely outside the normal range will also lead to a critical anomaly score.

Related Links

How we are calculating the exact value:

  • Data points that are outside the bounds contribute to an "accumulated anomalousness" measure. Think of it as the area between the metric values and the control bounds when the metric values are outside the control bounds.
  • However, we want to forget past anomalous data so there is an exponential weighting that causes the effect of past anomalous observations to decrease with time.
  • Since this is an area, it can potentially grow very large, so we feed this area into an S-shaped function that maps all values to the range of 0-10.
  • Technically, we fit a sigmoid function to give us the time-to-critical behavior , and then we normalize the output of this sigmoid function to be strictly between 0 and 10 [needed since area is only unbounded above.

The world works with ServiceNow.

Sign in for more! There's more content available only to authenticated users Sign in for more!
Did this KB article help you?
Did this KB article help you?

How would you rate your Now Support digital experience?

*

Very unsatisfied

Unsatisfied

Neutral

Satisfied

Very satisfied

Very unsatisfied

Unsatisfied

Neutral

Satisfied

Very satisfied

What can we improve? Please select all that apply.

What are we doing well? Please select all that apply.

Tell us more

*

Do you expect a response from this feedback?

  • Terms and conditions
  • Privacy statement
  • GDPR
  • Cookie policy
  • © 2025 ServiceNow. All rights reserved.