Join
1
0 Comments

How I built "anomaly detection" without calling it AI

by Dario Leone

Two weeks ago I posted here as the guy with zero traffic and zero users. Last week it was the trust badge. This is a build update — and I mostly want to talk about an engineering decision, not pitch you anything.

The question I couldn't shake: why would anyone pick PingMon over UptimeRobot, Better Stack or Pingdom? Price and EU-hosting don't make people switch. So I built the two things I always wanted from a monitor — and hit a decision about how honest to be with the word "AI".

  1. When something breaks, the alert tells you what broke.
    Plain monitors give you "503" and a red dot, then you go digging. PingMon reads the actual response and the alert says something like: "Payment backend unreachable — the load balancer can't reach the upstream, the container likely crashed." The recovery message carries the likely cause too. It's a small LLM call, gated behind the alert: it only runs when an alert actually fires, it's deduped and capped per tier, and it's fail-safe — if the model is slow or down, you still get the normal alert, just without the explanation. (Screenshot)

  2. It catches anomalies even when the status is still 200 OK.
    This is the part I refused to call "AI anomaly detection." The actual mechanism, because I think the honesty matters here:

  • For each endpoint I keep a rolling baseline of two things: response size and response time.

  • A check is flagged only if it deviates beyond max(3σ, a relative floor, an absolute floor) from that endpoint's own history — the floors stop a tiny, ultra-stable endpoint from paging you over statistical noise.

  • And it needs two anomalous checks in a row, same direction, before it alerts. No flapping on a single blip. That's it. Standard deviations and guard rails. No model is doing the detection. The LLM's only job is to write the human - readable explanation after the math has already flagged something. Detection = stats. Explanation = AI. I'm not going to dress a 3-sigma threshold up as machine learning.

Naming it honestly probably cost me a buzzier landing page. But this crowd can smell "AI theater" from a mile away, so — there it is.

Everything else is unchanged, just steadier: uptime + latency, SSL and domain-expiry warnings, cron heartbeats, and public status pages (including the one I run for PingMon itself, in the open).

Still tiny numbers, no paying users yet. But the conversations changed from "isn't this just UptimeRobot?" to "wait— it tells you what broke?"

Happy to go deeper on the detection logic or the per-tier cost gating in the comments.

Question for you: where's your line between a genuinely useful AI feature and AI theater? Mine is "the AI explains, it never pretends to detect."

Too purist — or not enough?

pingmon.de if you're curious. Free tier, no card.

Avatar for Dario Leone Dario Leone
on June 15, 2026
Say something nice to DarioLeone…
Post Comment
Trending on Indie Hackers
Three Days Before Launch, I Let My Own Tool Tear Me Apart User Avatar 37 comments I thought I was building a news visualization tool. Users thought it was a catch-up tool. User Avatar 34 comments Priorities for launching a SaaS solo, with no budget User Avatar 31 comments I Rejected a $15K Acquisition Offer for My Multi-Agent IDE — Here's the Full Breakdown User Avatar 28 comments A pattern I keep seeing in EdTech: traffic isn't usually the problem. User Avatar 23 comments What Happens When a Photo Can Carry Multiple Voices? I Built VoxPho to Find Out User Avatar 15 comments