Streaming Z-Score Anomaly Detector (O(1) per event)

This is a tiny baseline streaming anomaly detector that:

maintains rolling statistics over a fixed window
flags anomalies using z-score
updates in O(1) time per event (constant-time rolling mean/std)

Input / Output format

The CLI reads JSON Lines from stdin and writes JSON Lines to stdout.

Input example (one event per line):

{"ts":"2026-04-14T12:00:00Z","value":1.2}
{"ts":"2026-04-14T12:00:01Z","value":1.1}
{"ts":"2026-04-14T12:00:02Z","value":99.0}

Output adds:

zscore
is_anomaly
rolling_mean, rolling_std, rolling_n

Run

PowerShell example:

python .\anomaly_detector.py --field value --window 200 --warmup 30 --z 3.0 < events.jsonl

Quick inline test:

'{"ts":1,"value":1}
{"ts":2,"value":1}
{"ts":3,"value":1}
{"ts":4,"value":1}
{"ts":5,"value":50}' | python .\anomaly_detector.py --warmup 3 --window 5 --z 2.0

Name		Name	Last commit message	Last commit date
Latest commit History 1 Commit
README.md		README.md
anomaly_detector.py		anomaly_detector.py
ml_iforest.py		ml_iforest.py
model_interface.py		model_interface.py
replay_eval.py		replay_eval.py
requirements.txt		requirements.txt
rolling_stats.py		rolling_stats.py
train_iforest.py		train_iforest.py
zscore_scorer.py		zscore_scorer.py

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Streaming Z-Score Anomaly Detector (O(1) per event)

Input / Output format

Run

About

Uh oh!

Releases

Packages

Uh oh!

Contributors

Uh oh!

Languages

Folders and files

Latest commit

History

Repository files navigation

Streaming Z-Score Anomaly Detector (O(1) per event)

Input / Output format

Run

About

Resources

Uh oh!

Stars

Watchers

Forks

Releases

Packages 0

Uh oh!

Contributors

Uh oh!

Languages

Packages