Security services often rely on log lines to diagnose computer reliability issues. Conventionally, a security service analyzes log lines using product-specific structured schemas. A structured schema may include an entry for each log line generated by a particular product. An entry may include various fields, corresponding to values within a particular log line generated by the product, and information for interpreting the log line. Then, if a computing device is malfunctioning in some way, the security service may identify the log lines generated by an instance of the product running on the computing device and determine to which entry each log line corresponds. Based on the information included in the structured schema for the entries, the security system may diagnose the computing device.
However, in these approaches, in order to derive information about the state of a machine from a particular log line, the particular log line must have been previously analyzed and added to a structured schema. As such, a structured schema created for one product may not be used for other (e.g., newly created) products (i.e., whose log lines vary from the log lines of the product for which the structured schema was created) or even for an updated version of the product for which the structured schema was created. The instant disclosure, therefore, identifies and addresses a need for systems and methods for using log lines generated by products, for which an event schema has not been created, to analyze and remediate computer reliability issues.