Stateful detection of anomalous events in virtual machines
Abstract:
The disclosed embodiments provide a system that detects anomalous events. During operation, the system obtains machine-generated time-series performance data collected during execution of a software program in a computer system. Next, the system removes a subset of the machine-generated time-series performance data within an interval around one or more known anomalous events of the software program to generate filtered time-series performance data. The system uses the filtered time-series performance data to build a statistical model of normal behavior in the software program and obtains a number of unique patterns learned by the statistical model. When the number of unique patterns satisfies a complexity threshold, the system applies the statistical model to subsequent machine-generated time-series performance data from the software program to identify an anomaly in an activity of the software program and stores an indication of the anomaly for the software program upon identifying the anomaly.
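The following Python sketch walks through the steps of the abstract; it is an added illustration, not part of the patent text or any implementation it describes. The statistical model (a set of bucketed metric vectors), the reading of the complexity threshold as a minimum pattern count, and all names and sample data are assumptions.

```python
# Added illustration; the model, threshold direction and all names are assumptions.

def filter_known_anomalies(samples, anomaly_times, interval):
    """Remove samples within `interval` seconds of any known anomalous event."""
    return [s for s in samples
            if all(abs(s[0] - a) > interval for a in anomaly_times)]

def pattern(sample, bucket):
    """Quantize one sample's metrics into a coarse, hashable pattern."""
    return tuple(int(m // bucket) for m in sample[1:])

def build_model(samples, bucket):
    """The 'model' is the set of unique patterns seen in the filtered data."""
    return {pattern(s, bucket) for s in samples}

def detect(train, anomaly_times, live, interval=5, bucket=10, min_patterns=3):
    """Return stored anomaly indications, or None if the model is not applied."""
    filtered = filter_known_anomalies(train, anomaly_times, interval)
    model = build_model(filtered, bucket)
    # Assumed reading of "satisfies a complexity threshold": the model must
    # have learned at least `min_patterns` unique patterns before it is used.
    if len(model) < min_patterns:
        return None
    return [{"time": s[0], "pattern": pattern(s, bucket)}
            for s in live if pattern(s, bucket) not in model]

# Constructed sample data: (timestamp_s, cpu_percent, heap_percent)
TRAIN = [
    (0, 12, 31), (5, 14, 33), (10, 22, 35), (15, 25, 41),
    (20, 97, 99),   # known anomalous event at t=20
    (25, 88, 95),   # recovery, still inside the removal interval
    (30, 18, 38), (35, 13, 32), (40, 27, 44),
]
KNOWN_ANOMALIES = [20]
LIVE = [(100, 15, 36), (105, 24, 42), (110, 96, 98)]

if __name__ == "__main__":
    # With filtering, the spike at t=110 is an unseen pattern and is flagged.
    print(detect(TRAIN, KNOWN_ANOMALIES, LIVE))
    # Without filtering, the incident data teaches the model that the spike is normal.
    print(detect(TRAIN, [], LIVE))
```

Running it shows why the removal interval matters: when the known event is left in the training data, the same spike in the later data matches a learned pattern and goes unreported.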