Event specific relationship graph generation and application in a machine data processing platform
US-10116670-B2 · Oct 30, 2018 · US
US11736502B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11736502-B2 |
| Application number | US-202016944460-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 31, 2020 |
| Priority date | Sep 25, 2017 |
| Publication date | Aug 22, 2023 |
| Grant date | Aug 22, 2023 |
Official abstract text for this publication.
Techniques and mechanisms are disclosed for a data intake and query system to generate “meta-notable” events by applying a meta-notable event rule to a collection of notable event data. A meta-notable event rule specifies one or more patterns of notable event instances defined by a set of notable event states and a set of transition rules (also referred to as association rules) indicating conditions for transitioning from one notable event state to another. The set of notable event states includes at least one start state and at least one end state. A meta-notable event is generated when a set of analyzed notable events satisfies a set of transition rules linking a start state to an end state (including transitions through any intermediary states between the start state and the end state).
Opening claim text (preview).
What is claimed is:

1. A computer-implemented method comprising: identifying a plurality of notable events by executing a plurality of correlation searches against timestamped event data stored by a data intake and query system; identifying a plurality of meta-notable events by determining that a plurality of sets of notable events from the plurality of notable events satisfy a meta-notable event rule, wherein the meta-notable event rule defines: a plurality of notable event states, wherein a notable event state of the plurality of notable event states corresponds to a correlation search of the plurality of correlation searches, and a plurality of transition rules, wherein a transition rule of the plurality of transition rules defines criteria for transitioning between two notable event states of the plurality of notable event states; and causing display of a graphical representation of a notable event from the plurality of notable events, wherein the graphical representation of the notable event includes an indication that the notable event is included in at least two of the plurality of meta-notable events, and wherein the indication comprises a display of two or more inbound edges or two or more outbound edges connecting the graphical representation of the notable event to graphical representations of other notable events from the plurality of notable events.
2. The computer-implemented method of claim 1, further comprising shading the graphical representation of the notable event based on a number of inbound edges associated with the notable event.
3. The computer-implemented method of claim 1, further comprising storing a plurality of records representing the plurality of meta-notable events, and wherein each record of the plurality of records is a timestamped event including identifiers of notable events comprising a set of notable events associated with the record.
4. The computer-implemented method of claim 1, wherein the timestamped event data comprises a plurality of events, and wherein each event includes a portion of raw machine data created by one or more components of an information technology (IT) or security environment.
5. The computer-implemented method of claim 1, wherein at least one of the plurality of notable events indicates a potential security threat involving a computing device of an information technology (IT) or security environment.
6. The computer-implemented method of claim 1, wherein a meta-notable event of the plurality of meta-notable events indicates a potential security threat involving a plurality of computing devices of an information technology (IT) or security environment, and wherein the plurality of computing devices are identified by a set of notable events corresponding to the meta-notable event.
7. The computer-implemented method of claim 1, further comprising causing display of a graphical user interface (GUI) including graphical elements used to receive input specifying the plurality of notable event states and the plurality of transition rules.
8. The computer-implemented method of claim 1, wherein the graphical representation further includes a graph showing relationships among the plurality of sets of notable events satisfying the meta-notable event rule.
9. The computer-implemented method of claim 1, wherein the plurality of transition rules links a start state to an end state based on transitions to one or more intermediate notable event states between the start state and the end state.
10. The computer-implemented method of claim 1, further comprising executing the plurality of correlation searches on a periodic basis.
11. The computer-implemented method of claim 1, wherein the plurality of correlation searches are executed to identify event data stored in a field-searchable data store matching one or more search criteria, and wherein the event data comprises timestamped events that include a portion of raw machine data created by a component of an information technology (IT) or security environment and which relates to activity of the component in the IT or security environment.
12. The computer-implemented method of claim 1, further comprising: receiving raw machine data from components of an information technology (IT) or security environment; segmenting the raw machine data into events, wherein each event contains a portion of the raw machine data; and for each event, determining a timestamp for the event, associating the timestamp with the event, and storing the event in a field-searchable data store.
13. The computer-implemented method of claim 1, wherein the timestamped event data includes a portion of raw machine data created by one or more components of an information technology (IT) or security environment, and wherein the raw machine data includes at least one of: log data, wire data, server data, network data, file system information, registry information, or information related to one or more processes or services running on a device.
14. The computer-implemented method of claim 1, wherein at least one transition rule of the plurality of transition rules indicates a field value to be present in notable events satisfying the at least one transition rule.
15. The computer-implemented method of claim 1, wherein at least one transition rule of the plurality of transition rules indicates a field value to be matched between a first notable event matched by the at least one transition rule and a second notable event matched by a previous transition rule.
16. A non-transitory computer-readable storage medium storing instructions which, when executed by one or more processors, cause performance of operations comprising: identifying a plurality of notable events by executing a plurality of correlation searches against timestamped event data stored by a data intake and query system; identifying a plurality of meta-notable events by determining that a plurality of sets of notable events from the plurality of notable events satisfy a meta-notable event rule, wherein the meta-notable event rule defines: a plurality of notable event states, wherein a notable event state of the plurality of notable event states corresponds to a correlation search of the plurality of correlation searches, and a plurality of transition rules, wherein a transition rule of the plurality of transition rules defines criteria for transitioning between two notable event states of the plurality of notable event states; and causing display of a graphical representation of a notable event from the plurality of notable events, wherein the graphical representation of the notable event includes an indication that the notable event is included in at least two of the plurality of meta-notable events, and wherein the indication comprises a display of two or more inbound edges or two or more outbound edges connecting the graphical representation of the notable event to graphical representations of other notable events from the plurality of notable events.
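A compact rendering of the rule evaluation the claims describe, added here as an illustration and not code from the patent or from any product. It assumes four correlation searches, a rule whose states map to those searches and whose transition rules require a field of the next notable event to match a field of the previously matched one (claim 15), walks the rules from the start state to the end state to produce the meta-notable events, and counts the inbound and outbound edges that claims 1 and 2 use to mark and shade nodes of the relationship graph; all event, state and field names are constructed for the example.

```python
from collections import defaultdict

# Constructed notable events, as correlation searches would emit them (not from the patent).
NOTABLE_EVENTS = [
    {"id": "n1", "search": "brute_force", "time": 100, "src": "198.51.100.7", "dest": "host-a"},
    {"id": "n2", "search": "priv_escalation", "time": 200, "host": "host-a"},
    {"id": "n3", "search": "priv_escalation", "time": 250, "host": "host-b"},
    {"id": "n4", "search": "lateral_movement", "time": 300, "src": "host-a", "dest": "host-b"},
    {"id": "n5", "search": "lateral_movement", "time": 320, "src": "host-a", "dest": "host-c"},
    {"id": "n6", "search": "data_exfil", "time": 400, "host": "host-b"},
    {"id": "n7", "search": "data_exfil", "time": 410, "host": "host-c"},
]
# Meta-notable event rule: each state corresponds to one correlation search, and each transition rule
# names a field of the previous notable event that must equal a field of the next one (assumed names).
STATES = {"S0": "brute_force", "S1": "priv_escalation", "S2": "lateral_movement", "S3": "data_exfil"}
TRANSITIONS = {  # (from_state, to_state): (field in previous event, field in next event)
    ("S0", "S1"): ("dest", "host"),
    ("S1", "S2"): ("host", "src"),
    ("S2", "S3"): ("dest", "host"),
}
START, END = "S0", "S3"

def find_meta_notable(events, states=STATES, transitions=TRANSITIONS, start=START, end=END):
    """Return every chain of notable event ids that links the start state to the end state."""
    by_search = defaultdict(list)
    for ev in events:
        by_search[ev["search"]].append(ev)

    def extend(state, chain):  # depth-first walk over the transition rules
        if state == end:
            return [[ev["id"] for ev in chain]]
        found = []
        for (frm, to), (prev_field, next_field) in transitions.items():
            if frm != state:
                continue
            for nxt in by_search[states[to]]:
                # the next event must be later in time and share the linked field value
                if nxt["time"] > chain[-1]["time"] and chain[-1].get(prev_field) == nxt.get(next_field):
                    found += extend(to, chain + [nxt])
        return found

    return [c for ev in by_search[states[start]] for c in extend(start, [ev])]

def edge_counts(chains):  # distinct inbound/outbound edges per notable event in the graph
    edges = {(a, b) for chain in chains for a, b in zip(chain, chain[1:])}
    inbound, outbound = defaultdict(int), defaultdict(int)
    for a, b in edges:
        outbound[a] += 1
        inbound[b] += 1
    return dict(inbound), dict(outbound)
```

With the constructed data, two chains (n1, n2, n4, n6) and (n1, n2, n5, n7) satisfy the rule, so n2 ends up with two outbound edges, which is the indication claim 1 uses to show that one notable event belongs to at least two meta-notable events.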
CPC classification titles:

- Drawing of charts or graphs
- Traffic logging, e.g. anomaly detection
- Finite state machines
- Indexing; Web crawling techniques
- The attack involving the propagation of malware through the network, e.g. viruses, trojans or worms