Anomaly detection is a method for spotting unusual behavior in your data—values that deviate from an expected baseline. In web analytics, it helps you catch sudden drops in Conversion Rate, traffic spikes from a bot storm, or a broken step in a Goal Funnel before it burns your budget. Instead of staring at charts, you define “normal,” watch variance around it, and auto-flag outliers for investigation.
Why it matters in web analytics
Teams track KPI (Key Performance Indicator) trends over time. Real traffic is noisy: day-of-week effects, seasonality, and campaign bursts. Anomaly detection filters the noise so you act only when a metric moves in a statistically meaningful way. Use it on engagement metrics (Bounce Rate, Engagement Rate), ecommerce outcomes, or per User Segment cohorts—segment-level anomalies often surface issues hidden in aggregate Session data.
Common approaches (quick map)
- Static thresholds: flag when a metric crosses a fixed limit. Fast, but brittle.
- Z-score (sigma) rules: compute how many standard deviations a value is from the baseline mean. Good default.
- Robust stats: medians + MAD (median absolute deviation) to resist outliers.
- Seasonal models: learn weekly/annual patterns and flag residuals (what’s “weird” after seasonality).
- Multivariate checks: monitor several metrics together (e.g., traffic + CVR) to reduce false positives.
Simple formula
For a metric xxx: z=x−μσz = \frac{x – \mu}{\sigma}z=σx−μ
where μ\muμ is the rolling baseline mean and σ\sigmaσ is the rolling standard deviation. A common rule of thumb: flag if ∣z∣≥3|z| \ge 3∣z∣≥3.
Mini example (sessions):
| Date | Value | Baseline μ | Baseline σ | z-score | Anomaly? |
|---|---|---|---|---|---|
| 2025-08-10 | 1,200 | 1,200 | 150 | 0.00 | — |
| 2025-08-11 | 1,175 | 1,200 | 150 | −0.17 | — |
| 2025-08-12 | 1,750 | 1,200 | 150 | 3.67 | ✅ Yes |
Practical tips
- Use rolling windows aligned to behavior (e.g., last 28 days).
- Model seasonality (weekday vs weekend) to avoid false alarms.
- Alert on both negative and positive anomalies; a “too good to be true” spike can be bot traffic.
- Scope by Cohort Analysis or channel; local anomalies beat one-size-fits-all.