Enterprise threat detection (ETD) typically collects and stores large sets of log data associated with various heterogeneous systems (often referred to as “big data”). The collected log data is usually analyzed using forensic-type data analysis tools to identify suspicious behavior and to allow an appropriate response. While some implementations of ETD use a semantic layer to interpret particular log data and attach importance to it, log-producing computing systems typically prepare log data generically and without any semantic context. As a result, data comparison can be complicated and can require a large amount of computational resources.