Large networks of interconnected computing devices or components are becoming more and more common. The “Internet” or the World Wide Web (the “Web”) may be considered such a computing network that is easily accessible using numerous possible computing devices. In general, any network of interconnected computing devices that communicate among each other to convey information between the devices and/or users of the network may be considered a large network. Such networks may be available to the public (such as the Internet) or may be privately managed (such as networks owned and operated by corporations or other network administrators). For many networks, one or more administrators, managers, and/or network engineers may monitor or otherwise manage the performance of the network and network devices to ensure proper operation of the network.
Monitoring network performance may include deploying log collection/analytics products in the network to receive and process events and data generated by the devices of the network. Such collection products generally receive packets of information from one or more of the components of the network in response to events that occur within the network. For example, a server of the network may experience a high volume of traffic and, in response, provide an indication of the high volume of traffic to a collection product. In other examples, the component may provide a report of one or more operating statuses of the component. This information may be gathered by the collection products and stored for use and analysis by administrators of the network. In response to the received and stored events, the administrator may perform one or more remediation procedures to ensure the proper operation of the network. In this manner, a Network Operation Center (NOC) with one or more network administrators may monitor the performance of the network and respond to events that occur within the network.
As networks grow in terms of size, complexity, and number of components associated with the network, the amount of data that is created, received, and stored during monitoring of the network also grows in size and complexity. As the amount of data increases, it may also become more difficult for administrators of the network to consume or analyze the data to effectively manage the operations of the network in response to the received data. Searching through received network data for particular operational information may be both time- and resource-consuming, such that important information or data concerning the operation of the network may be missed by the administrators, putting the efficiency of the network at risk.
It is with these observations in mind, among others, that various aspects of the present disclosure were conceived and developed.