Severity

Every alert is assigned a severity level, either set manually or determined automatically by the detector.
| Level | Meaning |
|---|---|
| CRITICAL | Immediate reaction required; treat as an active incident |
| HIGH | Dangerous event that needs prompt attention and resolution |
| MEDIUM | Important or suspicious event worth investigating |
| LOW | Informational event that may provide useful insights or metrics |
| INFO | Progress or state notification only |
| Auto | Detector chooses severity based on its own logic; overriding this forces all alerts to the selected level |

When a detector is set to Auto, it may emit alerts at different severity levels depending on conditions. Overriding forces a fixed level across all alerts from that detector.

Cron Schedule

Controls how frequently a detector evaluates. Three formats are accepted:
Plain-language intervals — easiest to read and configure.
10 min
1 day
2 hours
30 seconds

Condition (Threshold)

Conditions control when a detector fires based on a numeric value. The syntax supports basic comparisons, percentage changes, delta operations, and edge-detection operators.
Standard numeric comparison against a fixed value.
= 100     fires when value equals 100
!= 100    fires when value does not equal 100
> 50      fires when |value| > 50
< 25      fires when |value| < 25
>= 35     fires when |value| >= 35
<= 50     fires when |value| <= 50
Operators >, <, >=, <= apply absolute value handling by default. Prefix with + or - to compare exact signed values instead.
Prefix the threshold with + or - to skip absolute value handling and compare the exact signed value.
> +10     fires when value > 10 (exact, positive only)
> -15     fires when value > -15
< +30     fires when value < 30
< -20     fires when value < -20
Fires based on the percentage change from the previous value. Formula: (v - v₀) / v₀ × 100.
> 25%     change > 25%
< 10%     change < 10%
>= 50%    change >= 50%
= 100%    exact 100% change
Example: if v₀ = 1000 and v = 700, the change is -30%.
Fires based on the absolute change from the previous value using ++ (increase) or -- (decrease).
> ++100    increase greater than 100
< --50     decrease greater than 50
>= ++30    increase of at least 30
= ++20     increase of exactly 20
>> and << variants fire only once when a condition transitions from false to true. Subsequent evaluations return false even if the condition remains true — useful for detecting threshold crossings without repeated alerts.
>> 10     fires once when value crosses above 10
<< 25     fires once when value crosses below 25
>>= 10    fires once when value reaches or exceeds 10
<<= 25    fires once when value reaches or falls below 25
>> ++100  fires once when increase crosses 100
>> 25%    fires once when percentage change crosses 25%
>>> and <<< variants fire only when a new all-time maximum or minimum is reached above/below the threshold.
>>> 100    new maximum above 100
<<< 50     new minimum below 50
>>>= 100   new maximum at or above 100
<<<= 50    new minimum at or below 50
Example for >>> 100:
| Value | Fires? | Reason |
|---|---|---|
| 90 | No | Below threshold |
| 200 | Yes | First value exceeding 100 |
| 150 | No | Above 100 but below previous max (200) |
| 300 | Yes | New maximum |
| 200 | No | Below current max (300) |

Spaces in condition expressions are ignored — > ++ 100 and >++100 are equivalent.
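
The rules above, sketched as a small stateful evaluator (an added example, not the product's own code). The names Condition and run are hypothetical and percentage conditions are left out. It assumes that edge and extreme operators keep the absolute-value default of their base operator, and that an edge operator re-arms once the condition turns false again.

```python
import re

# Added illustration of the condition rules on this page; names are hypothetical, "%" is unsupported.
_COND = re.compile(r"(>>>=|<<<=|>>>|<<<|>>=|<<=|>>|<<|>=|<=|!=|=|>|<)(\+\+|--|\+|-)?(\d+(?:\.\d+)?)")
_CMP = {">": lambda a, b: a > b, "<": lambda a, b: a < b, ">=": lambda a, b: a >= b,
        "<=": lambda a, b: a <= b, "=": lambda a, b: a == b, "!=": lambda a, b: a != b}

class Condition:
    def __init__(self, expr):
        m = _COND.fullmatch(expr.replace(" ", ""))  # spaces are ignored: "> ++ 100" == ">++100"
        if not m:
            raise ValueError(f"unsupported condition: {expr!r}")
        op, prefix, num = m.group(1), m.group(2) or "", m.group(3)
        # ">>>"/"<<<" = all-time extreme, ">>"/"<<" = edge (false -> true), otherwise level
        mode = "extreme" if op[:3] in (">>>", "<<<") else "edge" if op[:2] in (">>", "<<") else "level"
        self.mode, self.base = mode, op[{"extreme": 2, "edge": 1, "level": 0}[mode]:]
        self.delta = prefix in ("++", "--")   # compare the change v - v0 instead of v
        self.signed = prefix in ("+", "-")    # exact signed comparison, no absolute value
        self.threshold = -float(num) if prefix.startswith("-") else float(num)
        self.prev = self.best = None
        self.was_true = False

    def check(self, value):
        """Feed one sample; return True if a detector with this condition would fire."""
        prev, self.prev = self.prev, value
        if self.delta:
            if prev is None:
                return False                  # no previous value to diff against yet
            metric = value - prev
        elif self.signed or self.base in ("=", "!="):
            metric = value
        else:
            metric = abs(value)               # default handling for >, <, >=, <=
        hit = _CMP[self.base](metric, self.threshold)
        was_true, self.was_true = self.was_true, hit
        if self.mode == "edge":
            return hit and not was_true       # only the false -> true transition fires
        if self.mode == "extreme" and hit:
            beats = self.best is None or (metric > self.best if self.base[0] == ">" else metric < self.best)
            self.best = metric if beats else self.best
            return beats                      # only a strictly new max/min fires
        return hit and self.mode == "level"

def run(expr, series):
    cond = Condition(expr)
    return [cond.check(v) for v in series]
```

Calling run(">>> 100", [90, 200, 150, 300, 200]) reproduces the table above row by row.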