<![CDATA[Operational logs are a primary source of evidence for reliability engineering, incident response, and security operations, but log anomaly detection is useful only when scores can be translated into controlled alerts and auditable incident evidence. This paper presents a reproducible end-to-end AIOps pipeline that normalizes raw logs into templates, aggregates them into sliding windows, scores anomalies with representative detectors, calibrates alerts with conformal prediction, and generates evidence-grounded incident tickets. The revised evaluation includes BGL_2k and two additional public sequence benchmarks, HDFS and OpenStack, and adds representative LogAnomaly-style and LogBERT-lite baselines to the original TF-IDF+LR, Isolation Forest, DeepLog-style LSTM, and Transformer comparisons. On BGL_2k, Isolation Forest provides the best ranking performance among the original four detectors (test PR-AUC = 0.750), while the additional HDFS experiment shows that the masked-context LogBERT-lite baseline obtains the strongest sequence-level result (PR-AUC = 0.947, F1 = 0.905). OpenStack remains difficult because the available normal training sample is very small, producing low F1 across all added baselines. We also report inference latency, throughput, memory footprint, conformal alpha sensitivity, window-size sensitivity, model-strategy ablations, and structured false-positive/false-negative patterns. The results should be interpreted as reproducible operational validation of the detection-calibration-ticket workflow rather than a claim of state-of-the-art detector accuracy. The pipeline demonstrates how calibrated scores and template-level evidence can support practical alert control and ITSM-ready ticket generation.]]>
Copyrights © 2026
