Field of the Invention
The present invention relates to event logging and more particularly to visualizing logged event data.
Description of the Related Art
Event logs are collections of event data collected at various times. Generally, event logs are considered to be collections of sequentially recorded raw data and thus, event logs typically are large in size and granular in nature. Event logs have found application across a variety of systems, including computing and network monitoring, financial transaction processing and real-time machine command and control. However, in all cases, making sense of logged event data can be both processor intensive and mentally challenging.
Event log analysis, then, is required to make sense of the granular data in an event log. Event log analysis refers to tools that load and process event log data in order to present a visual reflection of the content of an event log. Aside from providing a viewer in which the raw data of an event log can be presented, typically, a log analyzer can provide graphical illustrations of different perspective views of data and thus, can be a visual reflection of one or more data reductions of the raw data of the event log. Standard log analysis tools also provide alert monitoring such that when certain logged event data crosses a pre-determined threshold, an alert can be triggered notifying a relevant individual or automated process of the observed condition.
In many instances, parsing a log of events can be of little effect for most entries in the log, but of significant effect for those entries where the data is collected at a great enough frequency, or too low a frequency, to indicate the occurrence of an anomaly or other event of interest. However, detecting the frequency of event collection in a log requires a viewer to focus on the time stamp information for each log entry and to manually detect when the time stamp data becomes compressed for a large number of log entries. Plainly, such an exercise, if possible in a log of hundreds, if not thousands or even millions, of events, can be tedious and prone to error.