In recent years, the volume, complexity, diversity and velocity of data generated by computational systems, such as information technology (“IT”) infrastructures and cloud computing, have forced many organizations to reconsider their approach to data management and data analytics. One approach to managing and analyzing the performance of computational systems is to analyze log files generated by the computational system. Each log file is a chronological record of events that take place in the operation of the system and can be used to analyze the activity and behavior of event sources in order to diagnose problems. An event is any detectable action generated by an event source, and an event source is any physical or virtual component of the system, such as a server, virtual machine (“VM”), a program, a network, a database, a process control system, and an operating system. An event may be something as simple as a command, warning, or announcement generated by an event source, such as a command to retrieve data from memory, a warning regarding the availability of memory, or announcement that a VM has moved.
Computational system analysts typically search log files to identify abnormalities and identify abnormally behaving event sources. The abnormalities can be software failures, programming bugs, hardware breakdowns, and even human errors. Because most IT and cloud-based applications use text based logging to record events, the log data is typically retrospectively analyzed for abnormalities which is impractical for identification of ran-time abnormalities. Researchers and developers of data-processing systems and information-extraction tools as well as a wide variety of different types of computer users, computer manufacturers, and computer vendors continue to seek systems and methods for detection of abnormalities generated by event sources.