Core detectors for DetectK: threshold, statistical (MAD, Z-score, IQR)
Project description
detectk-detectors
Core detectors for DetectK: threshold-based, statistical (MAD, Z-score, IQR).
Installation
pip install detectk-detectors
Detectors
ThresholdDetector
Simple but powerful detector that compares metric values against static thresholds.
Features:
- Multiple comparison operators
- Absolute and percentage-based thresholds
- Range checks (between/outside)
- Auto-registration in DetectorRegistry
Operators:
greater_than: value > thresholdgreater_equal: value >= thresholdless_than: value < thresholdless_equal: value <= thresholdequals: value == threshold (with tolerance)not_equals: value != threshold (with tolerance)between: threshold <= value <= upper_threshold (anomaly if INSIDE range)outside: value < threshold OR value > upper_threshold (anomaly if OUTSIDE range)
Usage Examples
Simple Threshold (absolute value)
# config.yaml
name: "sessions_10min"
collector:
type: "clickhouse"
params:
query: "SELECT count() as value FROM sessions"
detector:
type: "threshold"
params:
threshold: 1000
operator: "greater_than" # Alert if > 1000
alerter:
type: "mattermost"
params:
webhook_url: "${MATTERMOST_WEBHOOK}"
Percentage Change Detection
Detect anomalies based on percentage change from baseline:
detector:
type: "threshold"
params:
threshold: 10.0 # 10% increase
operator: "greater_than"
percent: true
baseline: 1000 # Baseline value
Example: If sessions jump from 1000 to 1150 (15% increase), anomaly is detected.
Range Check (outside bounds)
Alert if value falls outside expected range:
detector:
type: "threshold"
params:
threshold: 900 # Lower bound
upper_threshold: 1100 # Upper bound
operator: "outside" # Anomaly if < 900 OR > 1100
Range Check (inside bounds)
Alert if value is INSIDE a specific range (opposite of outside):
detector:
type: "threshold"
params:
threshold: 900
upper_threshold: 1100
operator: "between" # Anomaly if 900 <= value <= 1100
Use case: Detect when metric is in a "bad" range (e.g., error rate between 5-10%).
Decrease Detection
Alert on significant decreases:
detector:
type: "threshold"
params:
threshold: 800
operator: "less_than" # Alert if < 800
Or with percentage:
detector:
type: "threshold"
params:
threshold: -10.0 # 10% decrease
operator: "less_than"
percent: true
baseline: 1000
Equals Detection (with tolerance)
Alert when value equals specific number (useful for zero-value detection):
detector:
type: "threshold"
params:
threshold: 0
operator: "equals"
tolerance: 0.1 # Within ±0.1
Multiple Detectors (A/B Testing)
Compare different threshold strategies:
detectors:
# Conservative (fewer false positives)
- id: "threshold_high"
type: "threshold"
params:
threshold: 1500
operator: "greater_than"
# Aggressive (catch more anomalies)
- id: "threshold_medium"
type: "threshold"
params:
threshold: 1200
operator: "greater_than"
# Percentage-based
- id: "percent_20"
type: "threshold"
params:
threshold: 20.0
operator: "greater_than"
percent: true
baseline: 1000
Configuration Parameters
Required
threshold(float): Threshold value (or lower bound for range operators)
Optional
-
operator(str): Comparison operator (default:"greater_than")- Options:
"greater_than","greater_equal","less_than","less_equal","equals","not_equals","between","outside"
- Options:
-
upper_threshold(float): Upper bound forbetween/outsideoperators (required for these operators) -
percent(bool): If true, threshold is percentage change from baseline (default:false) -
baseline(float): Baseline value for percentage calculation (required ifpercent=true) -
tolerance(float): Tolerance forequals/not_equalsoperators (default:0.001)
Detection Result
ThresholdDetector returns DetectionResult with:
is_anomaly(bool): Whether value violates thresholdscore(float): Distance from threshold (higher = more anomalous)lower_bound/upper_bound(float | None): Expected bounds for visualizationdirection(str | None):"up","down", orNonepercent_deviation(float | None): Percentage deviation from threshold (if anomaly)metadata(dict): Detector configuration and comparison details
Edge Cases
Zero Threshold
detector:
type: "threshold"
params:
threshold: 0
operator: "greater_than"
Works correctly: any positive value triggers anomaly.
Negative Values
detector:
type: "threshold"
params:
threshold: -100
operator: "less_than"
Works correctly: -150 < -100 → anomaly.
Zero Baseline (percentage mode)
❌ Not allowed - raises ConfigurationError:
detector:
type: "threshold"
params:
threshold: 10
percent: true
baseline: 0 # ERROR: Division by zero
Testing
cd packages/detectors/core
pytest tests/ -v
All 23 tests passing ✅
License
MIT
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file detectk_detectors-0.1.0.tar.gz.
File metadata
- Download URL: detectk_detectors-0.1.0.tar.gz
- Upload date:
- Size: 25.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
5b13c15b5abcc8912b676d1a3dc8963cf9eab5eb53cc1905ed0f809cb46bfc43
|
|
| MD5 |
e2fa5a56157a8212b99764f890cfdde2
|
|
| BLAKE2b-256 |
f4634b213b0f1aa7ad07ad4fdc44a92e795f0ab751c15b604d9dcc26c42d0449
|
File details
Details for the file detectk_detectors-0.1.0-py3-none-any.whl.
File metadata
- Download URL: detectk_detectors-0.1.0-py3-none-any.whl
- Upload date:
- Size: 17.8 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.3
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a931b10fe9f1adf6773362d78118c7b1387d42f8c9bf24e1d0939c260250389a
|
|
| MD5 |
55359a121608cfb4c98693a99e15cd12
|
|
| BLAKE2b-256 |
cd1a1471db124dae65ca761f751118aaa82b1d7150c12f3d137fbdf2bf10e10d
|
