Distributed anomaly detection management
US-2017279838-A1 · Sep 28, 2017 · US
US2017192872A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2017192872-A1 |
| Application number | US-201415325847-A |
| Country | US |
| Kind code | A1 |
| Filing date | Dec 11, 2014 |
| Priority date | Dec 11, 2014 |
| Publication date | Jul 6, 2017 |
| Grant date | — |
Official abstract text for this publication.
Interactive detection of system anomalies is disclosed. One example is a system including a data processor, an anomaly processor, and an interaction processor. Input data related to a series of events and telemetry measurements is received by the data processor. The anomaly processor detects presence of a system anomaly in the input data, the system anomaly indicative of a rare situation that is distant from a norm of a distribution based on the series of events and telemetry measurements. The interaction processor is communicatively linked to the anomaly processor and to an interactive graphical user interface. The interaction processor displays, via the interactive graphical user interface, an output data stream based on the presence of the system anomaly, receives, from the interactive graphical user interface, feedback data associated with the output data stream, and provides the feedback data to the anomaly processor for operations analytics based on the feedback data.
Opening claim text (preview).
1. A system comprising: a data processor to receive input data related to a series of events and telemetry measurements; an anomaly processor to detect presence of a system anomaly in the input data, the system anomaly indicative of a rare situation that is distant from a norm of a distribution based on the series of events and telemetry measurements; an interaction processor, communicatively linked to the anomaly processor and to an interactive graphical user interface, to: display, via the interactive graphical user interface, an output data stream based on the presence of the system anomaly, receive, from the interactive graphical user interface, feedback data associated with the output data stream, and provide the feedback data to the anomaly processor for operations analytics based on the feedback data.

2. The system of claim 1, wherein each system anomaly is associated with a time, and further including an evaluator to determine, for a time interval, at least one of an anomaly intensity, an anomaly score, an Anomaly Fingerprint, and a fingerprint matching function.

3. The system of claim 2, wherein the anomaly processor further detects a presence of a system anomaly based on the Anomaly Fingerprint, and the fingerprint matching function.

4. The system of claim 2, wherein the evaluator determines, for the time interval, anomaly intensities and the anomaly score, and wherein each anomaly intensity may be transformed, with respect to a distribution of anomaly intensities of the same anomaly type in reference time-slots, based on a distinctive residual rarity extremity score, into comparable, additive, and distinctive anomaly intensity scores that are combined to determine the anomaly score.

5. The system of claim 2, wherein each event in the series of events is associated with an event type, a time, and zero or more measurement values, and the evaluator determines, for each event type, an anomaly intensity amount for an anomaly type from events in the time interval, wherein for each anomaly type, the anomaly intensity amounts for different event types are combined to determine an anomaly intensity and an anomaly fingerprint, and wherein the anomaly fingerprint is based on a set of relative contributions of event types to the anomaly intensity.

6. The system of claim 5, wherein the evaluator determines, for each time interval for an anomaly type, incomparable anomaly intensity amounts, wherein each incomparable anomaly intensity amount is transformed with respect to the distribution of associated incomparable anomaly intensity amounts in reference time intervals, based on a distinctive residual rarity extremity score, into comparable, additive, and distinctive anomaly intensity amounts.

7. The system of claim 5, wherein the anomaly type includes one of: a Flood of Events, wherein the anomaly intensity amount is an event count, a Variety of Events, wherein the anomaly intensity amount is an event occurrence indicator, a Flood of Rare Events, wherein the anomaly intensity amount is a product of an event count extremity factor, and an event-type rarity factor, and a Flood of Extreme Signals, wherein the anomaly intensity amount is a maximal signal value per time interval transformed based on a distinctive residual rarity extremity score.

8. The system of claim 5, wherein the interaction processor identifies selection of an anomaly fingerprint, and wherein a fingerprint matching score for the anomaly fingerprint is computed in a second time interval to determine presence or absence of similar system anomalies in the second time interval, the fingerprint matching score computed based on a correlation between the anomaly fingerprint and anomaly intensity amounts in the second time interval.

9. The system of claim 1, wherein the anomaly processor further generates an interactive analysis interface to be provided via the interactive graphical user interface, and the anomaly processor modifies the output data stream based on interactions with the analysis interface.

10. The system of claim 9, wherein the anomaly processor further detects, based on the interactions with the analysis interface, a system anomaly associated with a Partial Pattern anomaly type.

11. The system of claim 1, further including a pattern processor to detect event patterns based on at least one of the feedback data and the detected system anomalies.

12. The system of claim 1, wherein the anomaly processor further generates a word cloud to be displayed via the interactive graphical user interface, the word cloud highlighting words that appear in log messages associated with a selected system anomaly.

13. A method to analyze input data related to a series of events and telemetry measurements, the method comprising: generating an output data stream based on system anomalies detected in the input data, the system anomalies indicative of a rare situation that is distant from a norm of a distribution based on the series of events and telemetry measurements; displaying, via an interactive graphical user interface, the output data stream including an attribute associated with the output data stream; receiving, from the interactive graphical user interface, feedback data indicative of selection of a system anomaly; processing the feedback data to modify the output data stream; providing, via the interactive graphical user interface, an interactive analysis interface for operations analytics based on the selected system anomaly.

14. The method of claim 13, wherein the attribute associated with the output data stream includes at least one of an anomaly intensity, an anomaly score, an anomaly Fingerprint, a fingerprint matching function, event patterns; a word cloud, an anomaly type, a service message associated with a selected system anomaly, an anomaly intensity for events in a time interval; an event count extremity factor, and an event type rarity factor.

15. A non-transitory computer readable medium comprising executable instructions to: receive, via a processor, input data related to a series of events and telemetry measurements; detect, via the processor, system anomalies in the input data, the system anomalies indicative of a rare situation that is distant from a norm of a distribution based on the series of events and telemetry measurements; generate an output data stream based on the detected system anomalies; display the output data stream via an interactive graphical user interface; and facilitate operations analytics of the series of events based on feedback data indicative of interactions with the output data stream.
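
An added illustration of claims 5, 7 and 8, not code from the patent or its applicant: per-event-type "Flood of Events" counts for one interval, the fingerprint as relative contributions, and a matching score against later intervals. Assumptions: raw counts are used without the residual rarity extremity transform (not defined on this page), intensity is the plain sum of the amounts, "a correlation" is taken to be Pearson correlation, and all event-type names, function names and sample events are constructed.

```python
from collections import Counter
from math import sqrt

EVENT_TYPES = ["auth_fail", "disk_warn", "svc_restart", "conn_reset"]  # constructed

def intensity_amounts(events, start, end):
    """Flood of Events amounts: event count per event type in [start, end)."""
    counts = Counter(etype for t, etype in events if start <= t < end)
    return [counts[etype] for etype in EVENT_TYPES]

def fingerprint(amounts):
    """Relative contribution of each event type to the interval's intensity.
    Intensity is taken as the plain sum of the amounts (assumption)."""
    total = sum(amounts)
    return [a / total for a in amounts] if total else [0.0] * len(amounts)

def matching_score(fp, amounts):
    """Pearson correlation between a fingerprint and another interval's amounts.
    Pearson is an assumption; the claim only says 'a correlation'."""
    n = len(fp)
    mf, ma = sum(fp) / n, sum(amounts) / n
    cov = sum((f - mf) * (a - ma) for f, a in zip(fp, amounts))
    sf = sqrt(sum((f - mf) ** 2 for f in fp))
    sa = sqrt(sum((a - ma) ** 2 for a in amounts))
    return cov / (sf * sa) if sf and sa else 0.0  # flat profile: no match

def make_events(start, counts):
    """Constructed sample data: (time, event_type) tuples within one interval."""
    return [(start + i % 60, etype) for etype, n in counts.items() for i in range(n)]

# Constructed events for three 60-second intervals.
EVENTS = (
    make_events(0, {"auth_fail": 40, "disk_warn": 1, "svc_restart": 1, "conn_reset": 8})
    + make_events(60, {"auth_fail": 22, "svc_restart": 1, "conn_reset": 5})
    + make_events(120, {"auth_fail": 1, "disk_warn": 30, "svc_restart": 10})
)

def demo():
    fp = fingerprint(intensity_amounts(EVENTS, 0, 60))  # analyst-selected anomaly
    similar = matching_score(fp, intensity_amounts(EVENTS, 60, 120))
    different = matching_score(fp, intensity_amounts(EVENTS, 120, 180))
    return fp, similar, different

if __name__ == "__main__":
    print(demo())
```

Because the fingerprint is normalised, the second interval matches despite having roughly half the event volume, while the third interval's disk-dominated profile scores below zero.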
by matching peak patterns · CPC title
Single-class perspective, e.g. one-against-all classification; Novelty detection; Outlier detection · CPC title
Performance evaluation by statistical analysis · CPC title
Selection of displayed objects or displayed text elements (G06F3/0482 takes precedence) · CPC title
Data logging (G06F11/14, G06F11/2205 take precedence) · CPC title