In a network environment, determining whether a security breach has occurred may require a detailed analysis of several devices and their security logs, which store already executed actions—often making security a reactive instead of a proactive service. When securing the network as a whole, smaller networks may attempt to aggregate communications to or from the several devices comprising the network at a central security center for analysis of the network's overall health, which requires significant bandwidth, processing resources, and storage resources to be used within the network; all of which increase exponentially as the number of devices comprising the network grow. To use a central security center, especially in larger networks, administrators often compromise on the amount of data collected; leaving malicious parties routes to exploit vulnerabilities in the network that do not leave a trace of their presence.
Similarly, when observing the stability of applications running on a machine, several events may be generated by each of the applications which may impact the stability of the application itself or other applications running on the machine. Due to the high volume of potentially significant events occurring on the machine, developers may miss out on monitoring potentially relevant events, especially because some events within the network are only meaningful when observed in aggregate or in association with another event.