Join fellow LogicMonitor users at the Elevate Community Conference and get hands-on with our latest product innovations.

Register Now

Platform

Get real-time insights and automation for comprehensive, seamless monitoring with agentless architecture.

Platform Overview
Infrastructure Monitoring
Cloud Monitoring
Digital Experience
AIOPS

Solutions

Whether you work in MSP, Enterprise IT or somewhere in between, the solution is clear.

Solutions Overview
By Initiative
By Industry

Resources

Explore our blogs, guides, case studies, eBooks, and more actionable insights to enhance your IT monitoring and observability.

View Resources
Learn

About us

Get to know LogicMonitor and our team.

About us
Get to know us
Services

Documentation

Read through our documentation, check out our latest release notes, or submit a ticket to our world-class customer service team.

View Resources
Support
TRY IT FREE
ON DEMAND DEMO

Product Documentation

Log Anomaly Detection Reset

Last updated on 13 May, 2025

In LM Logs, you must regularly reset the log anomaly profile for accurate anomaly detection by maintaining a relevant baseline. Without a reset, an anomaly is flagged only once for that device, potentially missing new behaviors or significant log pattern changes. Regular resets improve troubleshooting and keep anomaly detection relevant. A structured reset approach ensures meaningful insights, reduced alert fatigue, and accurate anomaly detection in evolving IT environments. 

The following list describes the key benefits of resetting a log anomaly profile:

  • Detects new log behaviors and changes in both the sandbox and production environments.
  • Validates pipeline alerts for anomalies or “never-before-seen” conditions.
  • Resets logs after a major outage to remove outdated anomalies.
  • Transitions smoothly from trial to production with a clean slate.
  • Maintains accuracy with user initiated periodic resets (monthly, quarterly, or annually).
  • Adapts to new applications, system changes, or infrastructure migrations.
  • Ensures compliance during audits by refreshing anomaly baselines to detect new threats.

Recommendation: To maintain accurate anomaly detection, consider the following recommendations:

  • Perform a portal-wide reset at least once per year to reflect current system behavior.
  • Temporarily disable “Never Before Seen” alerts during resets to avoid unnecessary alert floods.
  • Reset anomaly profiles at the resource or group level as needed for infrastructure changes, testing, or post-outage recovery.

Log Anomaly Detection Reset Limitations

You can reset the anomaly detection feature multiple times. The following limits apply within each 24-hour period:

  • Portal Level—You can reset anomalies once every 24 hours. The reset interval starts immediately after the reset is performed.
  • Resource or Resource Group Level—You can reset anomalies up to three times within a 24-hour period. The reset interval starts after the third reset.

If you try to reset anomalies during the reset interval, a message displays the time remaining until the next reset.
For example, if you perform a portal level reset at 1:00 PM, the feature is unavailable until 1:00 PM the next day. If you try again at 1:30 PM, the following message is displayed:
“Please try again after 23 hours and 30 minutes.” 

Note: These reset limits apply at the portal level, not per user. If multiple users access the same portal, the limits remain shared across all users.

Requirements for Resetting Log Anomaly Detection

To reset the log anomaly profile, you must have Manage Resource permissions on the folder or root directory. This requirement applies to portal, resource, and resource group resets.

Note: If you do not have the required permissions and try to reset log anomalies for a resource or resource group, the Reset Log Anomaly Detection option appears in the UI, but selecting it results in an error. For portal level resets, if you do not have permissions on the root directory, the Reset Log Anomaly Detection option will not be available.

Resetting Log Anomaly Detection at Resource Level

  1. In the LogicMonitor portal, go to Resource Tree.
  2. Select the desired resource and select the Logs tab.
  3. Select the More More menu menu, then select Reset anomaly detection. A message confirming your selection is displayed.
    Log anomaly reset
  1. Select Reset anomaly detection to confirm reset of the selected resource.
    resource level confirmation dialog box
    A success message appears confirming that log anomaly detection has been reset.
    The system resets anomaly detection within a few seconds, but it may take up to a minute for anomalies to appear.

Resetting Log Anomaly Detection at Resource Group Level

  1. In the Resource Tree, select the desired resource group.
  2. Select the Logs tab, select the More More menu menu, and select Reset log anomaly detection.
  3. In the confirmation dialog box, select Reset anomaly detection.
    reset anomaly detection at group level
    A success message appears confirming that log anomaly detection has been reset. 
    The success message may take up to one minute to appear, and anomalies can take up to 15 minutes to trigger, depending on the number of resources in the group.

Resetting Log Anomaly Detection at Portal Level

  1. In LogicMonitor, go to the Resource Tree, select the root folder.
  2. Select the More More menu menu, and select Reset log anomaly detection.
    log anomaly reset at root level
  3. In the confirmation dialog box, select Reset anomaly detection.
    log anomaly reset at portal level confirmation
    A success message appears confirming that log anomaly detection has been reset.
    Portal-level anomaly detection resets can take longer. Reset time depends on the number of resources sending logs.

In This Article

Start Your Trial

Full access to the LogicMonitor platform.
Comprehensive monitoring and alerting for unlimited devices.