A method comprises obtaining a set of log files for a software system. The set of log files applies to an extended window. A periodic pattern in a first set of error-event surges in the set of log files is identified. The error-event surges in the first set is identified as event noise. A second set of log files for the software system is obtained. The second set of log files applies to a shortened window. Timeseries analysis on the second set of log files is performed. A particular error-event surge in a detection period in the second set of log files that is abnormal as compared to the shortened window is detected based on the timeseries analysis. That the particular error-event surge does not fit into the periodic pattern is determined, the particular error-event surge is characterized as an anomaly, based on the determining.