One or more aspects of the present invention relate to the processing of event log data.
Many services running on a computer system, such as monitoring services and user applications, generate event records when certain important events occur. Such events may be errors, crashes or the like. The event records contain relevant details of the event, and are stored in event logs. When a user is troubleshooting a problem, it is common to search the event logs for any event records that contain information that will help determine the cause of the problem.
However, event logs often contain very large numbers of event records, which make it difficult for a user to identify any relevant event records. This is often the case even if the event records are filtered to reduce their number using appropriate search criteria, such as a keyword or time period.