Anomaly Detection ADTK
The Anomaly Detection ADTK Plugin provides machine learning-based anomaly detection for time series data in InfluxDB 3 using the ADTK (Anomaly Detection Toolkit) library. Detect outliers using algorithms like Isolation Forest, Local Outlier Factor, and One-Class SVM, and write detection results to a separate output table for analysis and alerting.
Configuration
Plugin parameters may be specified as key-value pairs in the --trigger-arguments flag (CLI) or in the trigger_arguments field (API) when creating a trigger.
Plugin metadata
This plugin includes a JSON metadata schema in its docstring that defines supported trigger types and configuration parameters. This metadata enables the InfluxDB 3 Explorer UI to display and configure the plugin.
Required parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
| database | string | required | Target database name for anomaly detection results |
| table | string | required | Source table name containing time series data |
| field | string | required | Numeric field name to analyze for anomalies |
| output_table | string | required | Destination table name for anomaly detection results |
Optional parameters
| Parameter | Type | Default | Description |
|---|---|---|---|
| detector_type | string | IsolationForestAD | Anomaly detection algorithm (IsolationForestAD, LocalOutlierFactorAD, OneClassSVMAD) |
| contamination | float | 0.1 | Expected proportion of anomalies in the dataset (0.0 to 0.5) |
| window_size | integer | 10 | Number of data points to include in detection window |
| time_column | string | time | Column name containing timestamp values |
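A pre-flight check for a --trigger-arguments string against the parameter tables above, as an added example (not the plugin's own code). It assumes the contamination range endpoints are inclusive, that values contain no commas, and that keys not listed on this page are typos; the function names are this example's own.

```python
# Added example: validate a trigger-arguments string before creating the trigger.
REQUIRED = ("database", "table", "field", "output_table")
DEFAULTS = {
    "detector_type": "IsolationForestAD",
    "contamination": "0.1",
    "window_size": "10",
    "time_column": "time",
}
DETECTORS = {"IsolationForestAD", "LocalOutlierFactorAD", "OneClassSVMAD"}

def parse_trigger_arguments(raw):
    """Split 'k=v,k=v' into a dict; returns (args, errors)."""
    args, errors = {}, []
    for pair in filter(None, (p.strip() for p in raw.split(","))):
        key, sep, value = pair.partition("=")
        if not sep or not key or not value:
            errors.append(f"malformed pair: {pair!r}")
        elif key in args:
            errors.append(f"duplicate key: {key}")
        else:
            args[key] = value
    return args, errors

def validate(raw):
    """Return a list of problems; an empty list means the string passes."""
    args, errors = parse_trigger_arguments(raw)
    errors += [f"missing required parameter: {k}" for k in REQUIRED if k not in args]
    # Assumption: a key absent from the tables is a typo that would silently fall back to a default.
    errors += [f"unknown parameter: {k}" for k in args if k not in REQUIRED and k not in DEFAULTS]
    cfg = {**DEFAULTS, **args}
    if cfg["detector_type"] not in DETECTORS:
        errors.append(f"unsupported detector_type: {cfg['detector_type']}")
    try:
        if not 0.0 <= float(cfg["contamination"]) <= 0.5:  # inclusive bounds assumed
            errors.append("contamination outside 0.0 to 0.5")
    except ValueError:
        errors.append("contamination is not a float")
    if not cfg["window_size"].isdigit() or int(cfg["window_size"]) < 1:
        errors.append("window_size is not a positive integer")
    # Results go to a separate table; writing them back into the source would feed the detector its own output.
    if "table" in args and args.get("output_table") == args["table"]:
        errors.append("output_table must differ from the source table")
    return errors

if __name__ == "__main__":
    # Constructed input with two mistakes: out-of-range contamination, output equals source.
    print(validate("database=mydb,table=sensor_data,field=temperature,"
                   "output_table=sensor_data,contamination=0.6"))
```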
Examples
Example 1: Basic anomaly detection with Isolation Forest
Write test data and detect anomalies:
# Write normal sensor data
influxdb3 write \
--database mydb \
"sensor_data,location=factory temperature=22.5"
influxdb3 write \
--database mydb \
"sensor_data,location=factory temperature=23.1"
influxdb3 write \
--database mydb \
"sensor_data,location=factory temperature=85.0" # Anomaly
# Create and enable the trigger
influxdb3 create trigger \
--database mydb \
--path "gh:influxdata/anomaly_detection_adtk/anomaly_detection_adtk.py" \
--trigger-spec "every:5m" \
--trigger-arguments "database=mydb,table=sensor_data,field=temperature,output_table=temperature_anomalies" \
temp_anomaly_detector
influxdb3 enable trigger --database mydb temp_anomaly_detector
# Query anomaly detection results (after trigger runs)
influxdb3 query \
--database mydb \
"SELECT * FROM temperature_anomalies ORDER BY time DESC LIMIT 5"
Expected output
+----------------------+-------------+-------+------------+
| time                 | temperature | score | is_anomaly |
+----------------------+-------------+-------+------------+
| 2025-06-01T10:02:00Z | 85.0        | -0.95 | true       |
| 2025-06-01T10:01:00Z | 23.1        | 0.12  | false      |
| 2025-06-01T10:00:00Z | 22.5        | 0.08  | false      |
+----------------------+-------------+-------+------------+
Example 2: Local Outlier Factor detection
Use Local Outlier Factor for density-based anomaly detection:
influxdb3 create trigger \
--database monitoring \
--path "gh:influxdata/anomaly_detection_adtk/anomaly_detection_adtk.py" \
--trigger-spec "every:10m" \
--trigger-arguments "database=monitoring,table=cpu_metrics,field=usage,output_table=cpu_anomalies,detector_type=LocalOutlierFactorAD,contamination=0.05,window_size=30" \
cpu_lof_detector
Example 3: One-Class SVM detection
Use One-Class SVM for novelty detection:
influxdb3 create trigger \
--database production \
--path "gh:influxdata/anomaly_detection_adtk/anomaly_detection_adtk.py" \
--trigger-spec "every:15m" \
--trigger-arguments "database=production,table=network_traffic,field=bytes_in,output_table=traffic_anomalies,detector_type=OneClassSVMAD,contamination=0.02,window_size=50" \
network_svm_detector