Presentation And Sorting Of Summaries Of Alert Instances Triggered By Search Questions

What is claimed is: 1 . A method, comprising: causing, by one or more processing devices, one or more alert summaries to be displayed, each alert summary corresponding to an alert and representing one or more instances of the alert, the alert defined by a search query and a triggering condition; wherein an instance of the alert corresponds to a particular dataset that (i) is generated by executing the search query over time-series data falling within a particular time range in a set of time ranges over which the search query has been instructed to search, and (ii) satisfies the triggering condition for the alert; wherein an alert summary includes an indication of at least one of: a total count of alert instances generated by the alert, or a count of alert instances generated by the alert that have not been viewed by a user. 2 . The method of claim 1 , wherein the alert summary comprises a selectable user interface element visually representing the alert, a title of the alert, or a description of the alert. 3 . The method of claim 1 , further comprising: receiving a selection of a particular displayed alert summary; and based on the selection of the alert summary, causing one or more alert instances represented by the selected alert summary to be displayed. 4 . The method of claim 1 , further comprising: receiving a selection of a particular displayed alert summary; based on the selection of the alert summary, causing one or more alert instances represented by the selected alert summary to be displayed; receiving a selection of a particular displayed alert instance; and based on the selection of the alert instance, causing a data set that has triggered the selected alert instance to be displayed. 5 . The method of claim 1 , further comprising: for each alert summary, maintaining an unviewed instance count of alert instances of a respective alert that have not been viewed. 6 . The method of claim 1 , further comprising: for each alert summary, updating an unviewed instance count of alert instances of a respective alert that have not been viewed; and causing the updated unviewed instance count to be displayed with the alert summary. 7 . The method of claim 1 , further comprising: updating, for each alert summary, an unviewed instance count of alert instances of a respective alert that have not been viewed; and causing the alert summaries to be displayed in a sorted order according to unviewed instance counts of the alert summaries. 8 . The method of claim 1 , further comprising: updating a count of alert instances that have been generated by the alert corresponding to the alert summary; and causing the updated count of alert instances of the event to be displayed with the alert summary. 9 . The method of claim 1 , further comprising: updating, for each alert summary, a total count of alert instances of a respective alert; and causing the alert summaries to be displayed in a sorted order according to the total counts of the alert instances of the respective alerts of the alert summaries. 10 . The method of claim 1 , further comprising: executing the search query over the time-series data falling within the particular time range to produce the particular dataset; responsive to determining that the dataset satisfies the triggering condition, generating the instance of the alert. 11 . The method of claim 1 , further comprising: executing the search query over the time-series data falling within the particular time range to produce the particular dataset; responsive to determining that the dataset satisfies the triggering condition, generating the instance of the alert; and updating a count of alert instances generated for the alert corresponding to the alert summary. 12 . The method of claim 1 , further comprising: executing the search query over the time-series data falling within the particular time range to produce the particular dataset, wherein execution of the search query includes applying a late binding schema to the time-series data, the late binding schema including one or more fields defined by one or more extraction rules; responsive to determining that the particular dataset satisfies the triggering condition, generating an instance of the alert. 13 . The method of claim 1 , wherein the alert summaries are displayed by either a desktop computing device or a mobile computing device. 14 . The method of claim 1 , wherein the time-series data includes portions of raw machine data. 15 . The method of claim 1 , wherein determining whether the particular dataset satisfies the triggering condition for the alert includes comparing a number of data items in the particular dataset with a threshold value. 16 . The method of claim 1 , wherein determining whether the particular dataset satisfies the triggering condition includes performing a secondary conditional search on the particular dataset. 17 . A computer system comprising: a memory; and one or more processing devices, coupled to the memory, to: cause, by one or more processing devices, one or more alert summaries to be displayed, each alert summary corresponding to an alert and representing one or more instances of the alert, the alert defined by a search query and a triggering condition; wherein an instance of the alert corresponds to a particular dataset that (i) is generated by executing the search query over time-series data falling within a particular time range in a set of time ranges over which the search query has been instructed to search, and (ii) satisfies the triggering condition for the alert; wherein an alert summary includes an indication of at least one of: a total count of alert instances generated by the alert, or a count of alert instances generated by the alert that have not been viewed by a user. 18 . The computer system of claim 17 , wherein the alert summary comprises a selectable user interface element visually representing the alert, a title of the alert, or a description of the alert. 19 . The computer system of claim 17 , wherein the processing devices are further to: receive a selection of a particular displayed alert summary; and based on the selection of the alert summary, cause one or more alert instances represented by the selected alert summary to be displayed. 20 . The computer system of claim 17 , wherein the processing devices are further to: receive a selection of a particular displayed alert summary; based on the selection of the alert summary, cause one or more alert instances represented by the selected alert summary to be displayed; receive a selection of a particular displayed alert instance; and based on the selection of the alert instance, cause a data set that has triggered the selected alert instance to be displayed. 21 . The computer system of claim 17 , wherein the processing devices are further to: for each alert summary, maintain an unviewed instance count of alert instances of a respective alert that have not been viewed. 22 . The computer system of claim 17 , wherein the processing devices are further to: for each alert summary, update an unviewed instance count of alert instances of a respective alert that have not been viewed; and cause the updated unviewed instance count to be displayed with the alert summary. 23 . The computer system of claim 17 , wherein the processing devices are further to: update, for each alert summary, an unviewed i