Log data recorded by a system (e.g., a server, a gateway device, a network router, a firewall, etc.) are footprints of system and/or network activities. When the system experiences an anomaly, which may be due to various reasons (e.g., attacks, virus, phishing, electricity outage, etc.), a system administrator typically relies on the system log data to identify problems in order to carry out a solution. However, in the modern computing infrastructure which includes a tremendous number of computing devices, more system and network activities take place, leading to more log data being recorded.