Computer operating systems, utilities, and various types of applications issue messages to monitor activity such as errors encountered during operation, to identify changes of state such as reduced service levels, and to provide audit information such as attempts and/or failures to authenticate to an application or service, among other purposes. The messages may be written to a file and/or sent to an event logging service.
The messages can be collected and analyzed to determine trends in activity, to issue alerts when anomalous events occur (such as failed attempts to authenticate to a “privileged” account, or errors in processing), to audit usage of software, and to meet other needs. These types of analyses depend on reading and processing the messages using, for example, a data analytics application, and on producing reports with consistent behavior, format, content, and efficacy. Monitoring tools that track message content to produce alerts on anomalous events have similar requirements.
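The dependence on a consistent message format can be seen in a small alerting rule. This is an added example, not taken from the original text; the message layouts, the account names, and the threshold are assumptions, and the log lines are constructed.

```python
import re
from collections import Counter

# Hypothetical privileged account names (assumption for this example).
PRIVILEGED = {"root", "admin"}

# Matches one constructed format: "auth failure user=<name> src=<ip>".
FAILED_AUTH = re.compile(r"auth failure user=(?P<user>\S+) src=(?P<src>\S+)")

def scan(lines, threshold=3):
    """Return (alerts, unparsed).

    alerts maps a privileged user to its failure count once the count
    reaches threshold. unparsed collects lines that look like failed
    authentication but do not match the expected format, so a format
    change shows up as a signal instead of a silent gap in alerting.
    """
    failures, unparsed = Counter(), []
    for line in lines:
        m = FAILED_AUTH.search(line)
        if m:
            if m["user"] in PRIVILEGED:
                failures[m["user"]] += 1
        elif "auth" in line.lower() and "fail" in line.lower():
            unparsed.append(line)
    alerts = {u: n for u, n in failures.items() if n >= threshold}
    return alerts, unparsed

# Constructed messages in the format the rule was written for.
CONSISTENT = [
    "2024-01-01T10:00:01Z svc auth failure user=root src=192.0.2.10",
    "2024-01-01T10:00:03Z svc auth failure user=root src=192.0.2.10",
    "2024-01-01T10:00:05Z svc auth failure user=alice src=192.0.2.11",
    "2024-01-01T10:00:07Z svc auth failure user=root src=192.0.2.10",
    "2024-01-01T10:00:09Z svc service level reduced to degraded",
]

# The same three privileged-account failures after the emitter changed
# its wording (constructed): the rule no longer matches any of them.
DRIFTED = [
    "2024-01-01T10:00:01Z svc Authentication failed for root from 192.0.2.10",
    "2024-01-01T10:00:03Z svc Authentication failed for root from 192.0.2.10",
    "2024-01-01T10:00:07Z svc Authentication failed for root from 192.0.2.10",
    "2024-01-01T10:00:09Z svc service level reduced to degraded",
]

if __name__ == "__main__":
    print(scan(CONSISTENT))  # alert raised for root
    print(scan(DRIFTED))     # no alert; three lines reported as unparsed
```

With the drifted input the alert disappears even though the underlying events are identical, and only the count of unparsed lines reveals that the rule has stopped seeing them.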