Skip to content

Anomaly Detection Rules

Ahmed edited this page Mar 16, 2026 · 2 revisions

Anomaly Detection Rules

EventLens can perform scheduled anomaly scans to detect complex state violations in your system based on replaying aggregate histories.

Rule Configuration

Inside your eventlens.yaml, define conditions and severity codes:

anomaly:
  scan-interval-seconds: 60
  rules:
    - code: NEGATIVE_BALANCE
      condition: "balance < 0"
      severity: HIGH
    - code: LARGE_WITHDRAWAL
      condition: "amount > 10000"
      severity: MEDIUM

How It Works

  • The scan-interval-seconds performs a background sweep over your event store.
  • Replayed states are evaluated against the condition logic via a parser.
  • Any event that pushes a state into violation will be flagged and listed in the EventLens "Anomalies" dashboard.

Return Home

Clone this wiki locally