Virtually all complex systems, from telecommunications networks to office printers, include event monitors that generate streams of events (e.g., information messages, warnings and error messages) that provide information that can be used to service the systems. Depending on the type and size of the system, hundreds or even millions of events may be generated on a typical day. The process of sorting through such a large number of events is onerous and impedes the ability of operators to identify failures and repair the system. For this reason, many systems include automated event filtering systems that attempt to filter out un-informative events in order to reduce the number of events that are presented to the user. Event filtering rules typically are written and validated by an expert in the domain of a target system based primarily on his or her knowledge of the system being monitored. This process typically involves a substantial amount of trial and error.
What are needed are systems and methods for assisting domain experts and other users in the development of event filtering rules.