Assigning scores to objects based on search query results

US2016019215A1 · US · A1

Patent metadata
Publication number: US-2016019215-A1
Application number: US-201414447995-A
Country: US
Kind code: A1
Filing date: Jul 31, 2014
Priority date: Jul 21, 2014
Publication date: Jan 21, 2016
Grant date:


Abstract

Official abstract text for this publication.

Systems and methods for assigning scores to objects based on evaluating triggering conditions applied to datasets produced by search queries in data aggregation and analysis systems. An example method may comprise: executing, by one or more processing devices, a search query to produce a dataset comprising one or more data items derived from source data; and responsive to determining that at least a portion of the dataset satisfies a triggering condition, modifying a score assigned to an object to which the portion of the dataset pertains.

First claim

Opening claim text (preview).

1-30. (canceled)

31. A method, comprising:
    accessing, by one or more processing devices, a set of events, wherein each event in the set of events is associated with a time stamp and includes a portion of machine data indicative of performance or operation of an information technology environment;
    accessing an object-scoring rule that (i) includes a search query that determines when events meet a triggering condition; (ii) identifies an object representing a component of the information technology environment, an application running in the information technology environment, or a person using a component in the information technology environment, and (iii) specifies a numerical contribution to a score for the object, the numerical contribution to be applied to the score based at least on part on a determination that the triggering condition is met;
    executing the search query of the object-scoring rule against the set of events to determine if the triggering condition of the object-scoring rule is met;
    based on determining that the triggering condition is met, generating a record of the numerical contribution specified in the object-scoring rule, the record associating the numerical contribution with a time indicator and indicating the object whose score should be affected by the contribution;
    identifying, using one or more records of numerical contributions, a set of numerical contributions having associated time indicators falling within a defined time period; and
    calculating the score for the object based on the set of numerical contributions, wherein the score indicates at least one of: an indication of a security risk posed by the component or person that the object represents, an indication of performance of the component of the information technology environment that the object represents, or an indication of performance of the application that the object represents.

32. The method of claim 31, wherein the portion of machine data in each event comprises raw machine data.

33. (canceled)

34. (canceled)

35. (canceled)

36. The method of claim 31, wherein the object-scoring rule statically identifies the object whose score should be adjusted when the triggering condition is met.

37. The method of claim 31, wherein the object-scoring rule variably identifies the object whose score should be adjusted when the triggering condition is met based on a value for a field in one or more particular events that caused the triggering condition to be met, the value for the field derived by applying an extraction rule or regular expression to the portion of machine data in the one or more particular events.

38. The method of claim 31, wherein the object-scoring rule statically identifies the numerical contribution to be applied to the score of the object.

39. The method of claim 31, wherein the object-scoring rule variably identifies the numerical contribution to be applied to the score of the object based on a value for a field in one or more particular events that caused the triggering condition to be met, the value for the field derived by applying an extraction rule or regular expression to the portion of machine data in the one or more particular events.

40. The method of claim 31, wherein the object-scoring rule variably identifies the numerical contribution to be applied to the score of the object based on a number of particular events that caused the triggering condition to be met.

41. The method of claim 31, wherein the triggering condition includes a value for a field in an event meeting specified criteria.

42. The method of claim 31, wherein the triggering condition includes an aggregate calculated for a field in events in the set of events meeting specified criteria.

43. The method of claim 31, wherein the triggering condition includes determining that a threshold number of events meets specified search criteria.

44. The method of claim 31, further comprising receiving a user request to create a negative score modifier associated with a particular time.

45. The method of claim 31, further comprising receiving a request to adjust the object's score by a particular positive or negative amount.

46. The method of claim 31, further comprising causing displaying of a graphical interface enabling a user to generate the object-scoring rule.

47. The method of claim 31, wherein events in the set of events are derived from log data.

48. The method of claim 31, wherein events in the set of events are derived from network packet data.

49. (canceled)

50. (canceled)

51. (canceled)

52. (canceled)

53. (canceled)

54. The method of claim 31, further comprising: causing display of object scores for a plurality of objects.

55. The method of claim 31, further comprising: causing display of object scores for a plurality of objects in a descending order of score.

56. A computer-readable non-transitory storage medium comprising executable instructions that, when executed by one or more processing devices, cause the processing devices to perform operations comprising:
    accessing, by the processing devices, a set of events, wherein each event in the set of events is associated with a time stamp and includes a portion of machine data indicative of performance or operation of an information technology environment;
    accessing an object-scoring rule that (i) includes a search query that determines when events meet a triggering condition; (ii) identifies an object representing a component of the information technology environment, an application running in the information technology environment, or a person using a component in the information technology environment, and (iii) specifies a numerical contribution to a score for the object, the numerical contribution to be applied to the score based at least on part on a determination that the triggering condition is met;
    executing the search query of the object-scoring rule against the set of events to determine if the triggering condition of the object-scoring rule is met;
    based on determining that the triggering condition is met, generating a record of the numerical contribution specified in the object-scoring rule, the record associating the numerical contribution with a time indicator and indicating the object whose score should be affected by the contribution;
    identifying, using one or more records of numerical contributions, a set of numerical contributions having associated time indicators falling within a defined time period; and
    calculating the score for the object based on the set of numerical contributions, wherein the score indicates at least one of: an indication of a security risk posed by the component or person that the object represents, an indication of performance of the component of the information technology environment that the object represents, or an indication of performance of the application that the object represents.

57. (canceled)

58. The computer-readable non-transitory storage medium of claim 56, wherein the object-scoring rule variably identifies the object whose score should be adjusted when the triggering condition is met based on a value for a field in one or more particular events that caused the triggering condition to be met, the value for the field derived by applying an extraction rule or regula
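The scoring flow recited in claim 31, with the variants of claims 36, 37, 40, 43 and 44, as an added Python sketch that is not code from the patent or its assignee. The rule names, log formats, thresholds and point values are constructed for illustration, and a regular expression stands in for the search query.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable

@dataclass
class Rule:
    name: str
    query: re.Pattern                     # stand-in for the search query; group "obj" is the extracted field
    threshold: int                        # trigger: at least this many matching events (claim 43)
    contribution: Callable[[int], float]  # static, or derived from the match count (claims 38, 40)
    static_object: str = ""               # set when the rule names its object statically (claim 36)

@dataclass
class Contribution:
    obj: str
    amount: float
    time: datetime                        # time indicator used to window the score

def run_rule(rule, events):
    """Execute the rule's query; emit one contribution record per triggered object."""
    hits = {}
    for ts, raw in events:
        if (m := rule.query.search(raw)):
            hits.setdefault(rule.static_object or m.group("obj"), []).append(ts)
    return [Contribution(obj, rule.contribution(len(t)), max(t))
            for obj, t in hits.items() if len(t) >= rule.threshold]

def score(records, obj, now, window):
    """Sum contributions for obj whose time indicator lies in (now - window, now]."""
    return sum(r.amount for r in records if r.obj == obj and now - window < r.time <= now)

T0 = datetime(2014, 7, 21, 9, 0)
EVENTS = [  # constructed sample events: (time stamp, raw machine data)
    (T0, "sshd: Failed password for alice from 10.0.0.5"),
    (T0 + timedelta(minutes=1), "sshd: Failed password for alice from 10.0.0.5"),
    (T0 + timedelta(minutes=2), "sshd: Failed password for alice from 10.0.0.5"),
    (T0 + timedelta(minutes=3), "sshd: Failed password for bob from 10.0.0.9"),
    (T0 + timedelta(hours=30), "proxy: blocked category=malware user=alice"),
]
RULES = [  # hypothetical rules
    Rule("failed-logins", re.compile(r"Failed password for (?P<obj>\w+)"), 3, lambda n: 10.0 * n),
    Rule("malware-block", re.compile(r"category=malware user=(?P<obj>\w+)"), 1, lambda n: 40.0),
]

def build_records():
    records = [c for rule in RULES for c in run_rule(rule, EVENTS)]
    records.append(Contribution("alice", -15.0, T0 + timedelta(hours=31)))  # negative modifier (claim 44)
    return records
```

Because the score is recomputed from timestamped contribution records rather than stored as a running total, the same records yield different scores for different windows, and older contributions age out without any explicit decay step.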

Classifications

  • Temporal data queries

  • Change logging, detection, and notification (replication G06F16/27)

  • using ranking

  • Improving data quality; Data cleansing, e.g. de-duplication, removing invalid entries or correcting typographical errors

  • Indexing; Web crawling techniques

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Splunk Inc
What technology area does this patent fall under?
Primary CPC classification G06F16/24578. Mapped technology areas include Physics.
When was this patent published?
Publication date Jan 21, 2016 (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).