Field NotesJun 1, 2026
Isolation Forest in 80 lines of Python, against the vendor 'AI/ML machine health' pitch
The model layer on top of the open IIoT stack. Scikit-learn trained on InfluxDB data, anomaly scores written back, Grafana renders the result on the same dashboard. What the model catches that the threshold rules miss, and what the $1,200-per-asset SaaS sells on top.
Issue 05 stood up Grafana, InfluxDB, and Telegraf on the same $5.50/mo Hetzner VM that runs the Sparkplug B broker. The alerts in that issue were threshold rules: RMS velocity above ISO 10816 Class II, drive current above 110% nameplate, anomaly score above a fixed line. Issue 06 builds the model that produces the anomaly score, in 80 lines of Python. Scikit-learn Isolation Forest, trained nightly on the prior 14 days of telemetry from InfluxDB, scoring live frames every 10 seconds and writing the score back as its own measurement. The comparison: the same vendor SaaS quote from issue 05, this time looking at what its 'AI-driven machine health' line item actually buys on top of the open implementation. The model catches one real failure pattern that the threshold rules miss. It also produces a class of false positives that the threshold rules do not. The honest read on which of the two layers should sit in front of the maintenance team.
Isolation Forest·Scikit Learn·Anomaly Detection·Machine Learning·Self Hosted·Influxdb