The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
Modern data centers and other computing environments often comprise anywhere from a few devices to thousands of computing devices that process various types of data, service requests from an even larger number of remote clients, and perform many other computing functions. During operation, many of these devices may include components that produce significant volumes of machine-generated data. For example, many of the devices may include components that produce various types of log files, output files, network data, etc.
Analysis of data generated by such computing devices may yield valuable insight into both the overall operation of such computing environments and individual components thereof. However, the unstructured nature of much of this data presents a number of challenges to analysis, in part because of the difficulty of applying semantic meaning to unstructured data. Furthermore, the data generated by the computing devices may vary widely both in the type and format of the data. As the number of computing devices that generate various forms of machine data continues to grow, processing and analyzing large volumes of such machine data in an intelligent manner and effectively presenting the results of such analysis remains a priority.
The amount of machine-generated data produced by a computing environment may depend on the number of devices in the computing environment and the types of tasks for which the devices are responsible. For example, a small business may own a relatively small collection of servers and other network devices that collectively produce a relatively small amount of machine-generated data. In contrast, a large corporation may have thousands of devices that produce massive amounts of data on a daily basis. Further, the amount of data generated by either computing environment may vary over time.
Some organizations may not have the resources or desire to manage one or more computing environments in use by the company. For example, a mid-sized company may desire that a third-party service provider manage the security of the company's internal network instead of hiring dedicated personnel to manage the network. In these circumstances and others, an organization may outsource various computing environment management services to a service provider, such as a managed security services provider (MSSP). In the context of network security, for example, an MSSP typically may use security information and event management (SIEM) software to analyze data generated by network hardware and applications for virus and spam blocking, intrusion detection, virtual private network (VPN) management, etc.