Anomalous Traffic Spike

A simple EWMA detector on top of any requests counter:

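import os, time, requests

state = {"ewma": None, "ts": time.time()}

def observe(rps_now: float):
    alpha = 0.2
    baseline = state["ewma"]
    if baseline is None:
        state["ewma"] = rps_now  # the first sample seeds the baseline
        return
    # Compare against the baseline from before this sample. If the sample is
    # folded in first, rps_now > 5 * ewma reduces to 0 > 4 * baseline for
    # alpha = 0.2, so the alert could never fire.
    if rps_now > baseline * 5 and rps_now > 10:
        push("📈 Traffic spike",
             f"RPS={rps_now:.0f} (baseline EWMA {baseline:.1f})",
             p=9)
    state["ewma"] = alpha * rps_now + (1 - alpha) * baseline

def push(t, m, p):
    # Send title, message and priority to the configured Notifly endpoint.
    requests.post(f"{os.environ['NOTIFLY_URL']}/message",
                  params={"token": os.environ["NOTIFLY_TOKEN"]},
                  json={"title": t, "message": m, "priority": p}, timeout=5)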

Include the top-5 IPs / user-agents / endpoints in the push: it is then usually immediately clear whether it's a DDoS, a Product Hunt effect, or your own crawler stuck in a loop.
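One way to build that breakdown, as an added example (not code from the original page): it assumes the web server writes Combined Log Format access logs and that the lines from the spike window are already in hand. `top_talkers`, `format_breakdown` and `clean` are hypothetical names, and the sample lines are constructed.

```python
import re
from collections import Counter

# Combined Log Format: ip - user [time] "METHOD path PROTO" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>\S+) (?P<path>\S+)[^"]*" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def clean(value: str, limit: int = 60) -> str:
    # User-agent and path are client-controlled: drop control characters and
    # truncate so a crafted value cannot garble or flood the notification.
    value = "".join(ch for ch in value if ch.isprintable())
    return value if len(value) <= limit else value[:limit - 3] + "..."

def top_talkers(lines, n=5):
    ips, uas, paths = Counter(), Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ips[m["ip"]] += 1
        uas[clean(m["ua"])] += 1
        # Group by path only, so varying query strings count as one endpoint.
        paths[clean(m["path"].split("?", 1)[0])] += 1
    return {"IPs": ips.most_common(n), "User-agents": uas.most_common(n),
            "Endpoints": paths.most_common(n)}

def format_breakdown(top) -> str:
    out = []
    for label, rows in top.items():
        out.append(f"Top {label}:")
        out.extend(f"  {count:>5}  {key}" for key, count in rows)
    return "\n".join(out)

# Constructed sample (documentation-range IPs) standing in for the spike window.
SAMPLE = (
    ['203.0.113.7 - - [01/Jan/2025:00:00:01 +0000] "GET /search?q=%d HTTP/1.1" '
     '200 512 "-" "python-requests/2.31"' % i for i in range(40)]
    + ['198.51.100.4 - - [01/Jan/2025:00:00:02 +0000] "GET / HTTP/1.1" '
       '200 1024 "-" "Mozilla/5.0"'] * 3
    + ['not a log line'])

if __name__ == "__main__":
    print(format_breakdown(top_talkers(SAMPLE)))
```

Append the text returned by `format_breakdown` to the message passed to `push`.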