## Setup: Install Dependencies
Run this once to load project libs (requests, pandas, etc.).

In [1]:
# Install from requirements.txt (run once)
%pip install -r ../requirements.txt
print('âœ… Deps installedâ€”restart kernel if needed (Kernel > Restart).')

Defaulting to user installation because normal site-packages is not writeable
Note: you may need to restart the kernel to use updated packages.
âœ… Deps installedâ€”restart kernel if needed (Kernel > Restart).



[notice] A new release of pip is available: 25.0.1 -> 25.2
[notice] To update, run: C:\Users\kumar\AppData\Local\Microsoft\WindowsApps\PythonSoftwareFoundation.Python.3.12_qbz5n2kfra8p0\python.exe -m pip install --upgrade pip


# AIOps Anomaly Detection: Interactive Demo

**Overview**: Offline simulation of automated anomaly detection for IT ops (e.g., Azure VM CPU metrics). 
- Learns 'normal' patterns from time-series data.
- Flags deviations without manual thresholds.
- Visualizes actual vs. expected for proactive downtime prevention.

**Tune & Re-run**: Change `anomaly_prob` or `num_points` in Cell 3, then re-execute.

Future: Replace mocks with Azure Monitor fetches for real data.

In [2]:
# Imports (path to root for src/)
%matplotlib inline 
import matplotlib.pyplot as plt
plt.ioff()  # Disable interactive mode (stops empty windows)
import sys
import random
sys.path.append('..')
from src.detect_anomalies import create_payload_with_anomalies
from src.visualize_anomalies import plot_detection
from datetime import datetime

In [3]:
# Step 1: Generate synthetic time-series data
# Simulates metrics like CPU % with patterns + random anomalies (spikes/drops)
random.seed(42)  # Reproducible for demos
payload = create_payload_with_anomalies(
    num_points=50,  # e.g., 50 mins of data
    anomaly_prob=0.15,  # 15% deviation chance (tune here!)
    base_value=75  # Normal baseline
)
print(f"Generated {len(payload['series'])} points with ~{int(0.15*50)} expected anomalies.")
print("Sample data:", payload['series'][:3])  # Peek at first points

Generated 50 points with ~7 expected anomalies.
Sample data: [{'timestamp': '2025-10-08T19:55:14.857104', 'value': 101.89485435196121}, {'timestamp': '2025-10-08T19:54:14.857104', 'value': 77.76699487422911}, {'timestamp': '2025-10-08T19:53:14.857104', 'value': 72.86938832629416}]


In [4]:
# Step 2: Mock Detection (AIOps 'learns' patterns & flags deviations)
# Real: Call Azure Anomaly Detector API with env vars
result = {
    'isAnomaly': True,  # Overall flag
    'expectedValues': [75] * len(payload['series']),  # Mock learned baseline
    'anomalyStatus': [1 if random.random() < 0.15 else 0 for _ in payload['series']]  # Per-point flags
}
anomaly_count = sum(result['anomalyStatus'])
print(f"Mock detection: {anomaly_count} anomalies flagged! ðŸš¨\n(Proactive alert: Auto-scale resources?)")

Mock detection: 9 anomalies flagged! ðŸš¨
(Proactive alert: Auto-scale resources?)


In [5]:
# Step 3: Visualize (actual vs. expected, red dots on deviations)
import matplotlib.pyplot as plt  # For post-plot saves

# Debug: Print payload to confirm data exists
print("Debug: Payload series length:", len(payload['series']))
print("Debug: Sample values:", [p['value'] for p in payload['series'][:5]])

plot_detection(payload, result, save_path='anomaly_demo_nb.png', show_plot=False)  # No plt.show() = no pop-up
print("Plot renderedâ€”check inline/PNG for spikes & reds!")

# Tweak: Auto-save timestamped high-res PNG to repo (for commits)
from datetime import datetime
timestamp = datetime.now().strftime("%Y%m%d_%H%M%S")
save_name = f"anomaly_demo_{timestamp}.png"
plt.savefig(save_name, dpi=150, bbox_inches='tight', facecolor='white')  # Saves open figure
print(f"ðŸ“¸ Timestamped plot saved: {save_name} (check file size >50KB for content)")

Debug: Payload series length: 50
Debug: Sample values: [101.89485435196121, 77.76699487422911, 72.86938832629416, 73.2979721943807, 65.55239725882886]
ðŸ“Š Plot saved to anomaly_demo_nb.png
Plot renderedâ€”check inline/PNG for spikes & reds!
ðŸ“¸ Timestamped plot saved: anomaly_demo_20251008_195515.png (check file size >50KB for content)


In [6]:
# Step 2.5: Azure Data Fetch Stub (Offline Mock for Now)
# Real: Use azure-monitor-query SDK (add to requirements.txt when live)
def fetch_metrics_mock(workspace_id="mock-ws-123", num_points=50):
    """
    Mocks Log Analytics query: e.g., 'Perf | where ObjectName == "Processor" | summarize avg(CounterValue) by bin(TimeGenerated, 1m)'
    Returns payload-ready series.
    """
    import random
    from datetime import timedelta
    base_ts = datetime.now()
    series = []
    for i in range(num_points):
        ts = (base_ts - timedelta(minutes=i)).isoformat()
        value = 75 + random.uniform(-10, 10) + (i % 5)  # Simulated CPU avg
        if random.random() < 0.1:  # 10% anomaly injection
            value += random.uniform(20, 50)  # Spike
        series.append({"timestamp": ts, "value": value})
    return {"series": series, "granularity": "PT1M"}

# Toggle for 'real' mode (swap mocks when Azure up)
use_azure_stub = True  # Set False for synthetic only
if use_azure_stub:
    payload = fetch_metrics_mock(num_points=50)  # Overrides previous payload
    print("ðŸ”„ Using Azure Monitor stubâ€”real query swaps in here!")
else:
    # Fall back to synthetic
    payload = create_payload_with_anomalies(50, anomaly_prob=0.15)
    print("ðŸ”„ Using synthetic data.")

print(f"Payload ready: {len(payload['series'])} points from 'Azure'.")

ðŸ”„ Using Azure Monitor stubâ€”real query swaps in here!
Payload ready: 50 points from 'Azure'.


In [7]:
# Step 4: Mock Alerting (Proactive Response on Anomalies)
# Real: Post to Azure Action Group webhook or email
alert_threshold = 3  # e.g., alert if >3 anomalies in window
if anomaly_count > alert_threshold:
    alert_msg = f"""
ðŸš¨ AIOps Alert: High Deviation Detected!
- Metrics: CPU % (simulated)
- Anomalies: {anomaly_count} in last {len(payload['series'])} mins
- Top Deviation: Max spike {max([p['value'] for p in payload['series']])}% at ~{payload['series'][0]['timestamp']}
- Action: Auto-scale resources or investigate logs.
- Severity: Medium (tune for multi-cloud)
"""
    print(alert_msg)
    
    # Mock 'send' (e.g., to email/Slack)
    print("ðŸ“§ Mock: Alert sent to Ops team via Azure Alerts/Teams.")
else:
    print("âœ… No alerts triggeredâ€”all within normal patterns.")


ðŸš¨ AIOps Alert: High Deviation Detected!
- Metrics: CPU % (simulated)
- Anomalies: 9 in last 50 mins
- Top Deviation: Max spike 125.72525824591895% at ~2025-10-08T19:55:15.469377
- Action: Auto-scale resources or investigate logs.
- Severity: Medium (tune for multi-cloud)

ðŸ“§ Mock: Alert sent to Ops team via Azure Alerts/Teams.


## Multi-Cloud Extension + Alerting

| Cloud | Data Source | Alert Integration |
|-------|-------------|-------------------|
| **Azure** | Monitor/Log Analytics | Action Groups + Logic Apps for emails/SMS. |
| **AWS** | CloudWatch | SNS notifications on alarms. |
| **GCP** | Operations Suite | Alerting policies to Pub/Sub. |

**Next Steps**: 
- Wire mocks to real webhooks.
- Test with simulated downtime (e.g., anomaly_prob=0.5).