Information systems generate vast amounts and wide varieties of machine data, such as activity logs, error logs, configuration files, network messages, and database records. This machine data can be useful in troubleshooting systems, detecting operation trends, identifying security problems, and measuring system performance. For example, a system administrator can use error logs to determine that a particular component is experiencing a relatively high number of errors and, thus, may have a problem that needs to be addressed.
In the context of IT (information technology) systems, it is desirable for IT specialists to quickly identify any infrastructure components affected by a problem and determine the root cause of the problem. For example, if a particular machine, such as a server, is experiencing problems, the IT specialist will want to know that the problem exists and will want to identify the particular machine(s) causing the problem so that they can focus their efforts on fixing the machine(s). These types of issues can be particularly difficult to diagnose and remedy in complex systems, such as e-mail systems, database systems, or server systems that involve a large number of interrelated processes running on different machines. For example, the Microsoft Exchange™ service (calendaring software and a mail and contact manager developed by Microsoft Corporation of Redmond, Wash.) may employ a number of different component services, or systems, such as Outlook™ RPC, Outlook™ Web Access, ActiveSync™ and so forth, that execute on a variety of different servers. If one of these servers has a problem, the difficulty can be compounded by the fact that the problem may not manifest itself in an easily detectable manner, and, even if the problem is detected, it can be difficult to identify its source. Although some systems, such as the Microsoft Exchange™ service, provide access to performance parameters, such as “counters,” that can provide insight into the health of a system, these parameters alone typically do not provide IT managers with the information they need to effectively diagnose and correct problems within their systems.