System event analyzer and outlier visualization

What is claimed is: 1. A method comprising: identifying a time-series sequence of event data for a type of event; identifying an evaluation time at which to determine an outlier in the time-series sequence; identifying a seasonal adjustment for the event data by: identifying a period over which the time-series sequence displays a similar pattern of event data; selecting a set of windows of the time-series sequence, each window in the set of windows identifying a portion of time including the evaluation time as adjusted by the seasonal adjustment, wherein the set of windows does not include data immediately previous to the evaluation time; determining a first predicted value of the time-series sequence at the evaluation time based on the set of windows of the time-series sequence; determining an alert threshold value based on the first predicted value of the time-series sequence; predicting a second value of the time-series sequence at the evaluation time based on a set of high-frequency data immediately previous to the evaluation time; and modifying the alert threshold value based on a combination of the first predicted value of the time-series sequence and the second predicted value, wherein modifying the alert threshold value comprises multiplying the second predicted value by a scalar; and adding the scalar-multiplied second predicted value to the alert threshold value; receiving subject event data of the time-series sequence corresponding to the evaluation time; comparing, by the event analysis system, the subject event data to the alert threshold value; and identifying an alert level when the subject event data exceeds the alert threshold value. 2. The method of claim 1 , wherein the evaluation time is the time at which the event data is received from a monitored system that generates the subject event data. 3. The method of claim 1 , wherein the time-series sequence of event data includes event data received from a plurality of monitored systems that generate events. 4. The method of claim 1 , wherein the seasonal adjustment is one week. 5. The method of claim 1 , further comprising: determining a second alert threshold value by subtracting the scalar-multiplied second predicted value from the first predicted value of the time-series sequence; comparing the subject event data to the second alert threshold value; and identifying a second alert level when the subject event data is below the second alert threshold value. 6. The method of claim 1 , wherein the time-series sequence of event data comprises a set of data tiles aggregating the event data received at an update frequency, each data tile in the set of data tiles including a plurality of periods of the update frequency. 7. The method of claim 6 , wherein each window of the set of windows includes a portion of the set of data tiles, and further wherein predicting the value of the time-series sequence at the evaluation time is based on summary statistics of the portion of the set of data tiles for each window. 8. The method of claim 1 , further comprising: predicting a third value of the time-series sequence at the evaluation time based on a set of recent data immediately previous to the evaluation time based on a gradient of the recent data; and modifying the alert threshold value based on the third predicted value. 9. A non-transitory computer-readable medium having instructions stored thereon, the instructions executable by a processor and when executed causing the processor to: identify a time-series sequence of event data for a type of event; identify an evaluation time at which to determine an outlier in the time-series sequence; identify a seasonal adjustment for the event data identifying a period over which the time-series sequence displays a similar pattern of event data; select a set of windows of the time-series sequence, each window in the set of windows identifying a portion of time including the evaluation time as adjusted by the seasonal adjustment, wherein the set of windows does not include data immediately previous to the evaluation time; determine a first predicted value of the time-series sequence at the evaluation time based on the set of windows of the time-series sequence; determine an alert threshold value based on the first predicted value of the time-series sequence; predict a second value of the time-series sequence at the evaluation time based on a set of high-frequency data immediately previous to the evaluation time; and modify the alert threshold value based on a combination of the first predicted value of the time-series sequence and the second predicted value, wherein modifying the alert threshold value comprises multiplying the second predicted value by a scalar; and adding the scalar-multiplied second predicted value to the alert threshold value; receive subject event data of the time-series sequence corresponding to the evaluation time; compare, by the event analysis system, the subject event data to the alert threshold value; and identify an alert level when the subject event data exceeds the alert threshold value. 10. The computer-readable medium of claim 9 , wherein the evaluation time is the time at which the event data is received from a monitored system that generates the subject event data. 11. The computer-readable medium of claim 9 , wherein the time-series sequence of event data includes event data received from a plurality of monitored systems that generate events. 12. The computer-readable medium of claim 9 , wherein the seasonal adjustment is one week. 13. The computer-readable medium of claim 9 , the instructions further causing the processor to: determine a second alert threshold value by subtracting the scalar-multiplied second predicted value from the first predicted value of the time-series sequence; compare the subject event data to the second alert threshold value; and identify a second alert level when the subject event data is below the second alert threshold value. 14. The computer-readable medium of claim 9 , wherein the time-series sequence of event data comprises a set of data tiles aggregating the event data received at an update frequency, each data tile in the set of data tiles including a plurality of periods of the update frequency. 15. The computer-readable medium of claim 14 , wherein each window of the set of windows includes a portion of the set of data tiles, and further wherein predicting the value of the time-series sequence at the evaluation time is based on summary statistics of the portion of the set of data tiles for each window. 16. The computer-readable medium of claim 9 , the instructions further causing the processor to: predict a third value of the time-series sequence at the evaluation time based on a set of recent data immediately previous to the evaluation time based on a gradient of the recent data; and modify the alert threshold value based on the third predicted value.