Years ago I worked on an event system that correlated about 500k daily events to about 40 actionable daily events.
A big part of it used Prolog to map artifacts to application to business and technical accountable individuals. So if a down storage device offlined a database and broke an app, the business user and storage guy would be called or paged.
My team does this with Splunk today. For probably 50x the compute and 10x the cost.