Earthquake Anomaly Agent

A data-driven earthquake anomaly detection agent leveraging ES|QL analytics and indexed runbooks to automate baseline comparison, spike detection, and contextual interpretation.

Comment

Inspiration

Earthquake monitoring systems generate massive volumes of seismic telemetry, yet anomaly interpretation still relies heavily on manual dashboard inspection. I wanted to build an AI agent that does more than visualize data ā€” one that actively reasons about abnormal patterns and explains them in operational context. The agent ingests real-world seismic telemetry from the USGS FDSN API.

What it does

Earthquake Anomaly Agent monitors indexed seismic data and automatically detects abnormal behavior such as:

  • 24-hour event spikes
  • Magnitude distribution shifts
  • Shallow-depth ratio anomalies
  • Geographic clustering patterns

When anomalies are detected, the agent retrieves structured runbooks from Elasticsearch and generates contextual explanations, validation steps, and recommended actions.

How we built it

The agent leverages:

  • Elasticsearch indices (events_geo, runbooks)
  • ES|QL for aggregation and baseline calculations
  • Structured runbook index for deterministic reasoning
  • Agent instruction layering to enforce consistent output format

Historical baselines are computed using rolling averages (e.g., 7-day windows), and anomaly conditions are evaluated dynamically at query time.

Challenges we ran into

Designing statistically meaningful thresholds without excessive false positives was difficult. Seismic activity is inherently bursty, and distinguishing natural aftershock sequences from abnormal data ingestion patterns required careful rule design.

Another challenge was balancing deterministic runbook logic with generative reasoning to ensure responses remain structured and operational.

Accomplishments that we're proud of

  • Successfully integrated operational runbooks as retrievable indexed knowledge
  • Automated baseline comparison using ES|QL
  • Produced structured incident-style explanations instead of narrative responses
  • Transformed seismic telemetry into actionable situational intelligence

What we learned

We learned that anomaly detection alone is insufficient ā€” explainability is critical. Embedding domain knowledge directly into indexed runbooks dramatically improves trust and reproducibility.

We also gained deeper insight into ES|QLā€™s analytical capabilities for real-time reasoning workflows.

What's next for Earthquake Anomaly Agent

  • Adaptive threshold tuning using historical variance modeling
  • Integration with real-time alerting pipelines
  • Expansion to multi-sensor observability (GPS deformation, gas emission data)
  • Vector-based similarity detection for historical swarm comparison

Built With

Share this project:

Updates