Log management is a process of collecting, aggregating, analyzing, alerting on and archiving data from various computer network devices, such as servers, routers, switches, firewalls, etc. Log search is a process of identifying individual log messages associated with events. Log search, as a part of log management, can assist in achieving corporate compliance goals and reduces the risk of legal exposure from security breaches. Log search can also significantly reduce network downtime by helping information technology (IT) departments identify particular problems in a network, and fix those problems by identifying and analyzing log messages potentially associated with those problems.
An important aspect of log analysis is the ability to search for associated log messages (e.g., associated pairs or triples of log messages). Conventional search approaches use an index which allows retrieval of a sequence of search items. For example, web search and desktop search provide means to access individual entities, such as documents or database records. These searches, however, are of limited value in log management because groups of associated log messages can be difficult to retrieve.
Another problem with conventional log management systems is the overall cost in time and resources needed to create parsing rules.