Aggregation and display of search results from multi-criteria search queries on event data

The invention claimed is: 1. A method, comprising: creating, in real-time, a plurality of searchable events from machine data as the machine data is collected in real-time from one or more data sources, each event in the plurality of searchable events is segmented from the machine data and includes an associated portion of the machine data and an associated timestamp derived from the machine data; dividing the plurality of events into sets of events that are organized by time; indexing the timestamped events; hashing each event in the sets of events, wherein each event is tested for duplication using its associated hash value, wherein an event having a hash value that is a duplicate of an existing hash value is removed; as the plurality of events are being created in real-time, receiving a search query that includes at least a time criterion, a second criterion for selection of events, and a page value; generating a result set for an event search query by executing the event search query across the plurality of events, the event search query includes the time criterion and the second criterion for selection of events, the result set includes events that match the time criterion and have an associated portion of the machine data that fulfills the second criterion for selection of events; sorting the result set according to time; causing display of a plurality of aggregated display lines, wherein each aggregated display line among the plurality of aggregated display lines is a summary of one or more search results among the set of search results that have features that satisfy a particular interval among a plurality of intervals and the page value, each interval among the plurality of intervals fitting within a display page. 2. The method of claim 1 , wherein the second criterion for selection of events is a keyword. 3. The method of claim 1 , wherein one or more events in the set of search results is assigned a keyword relevance ranking. 4. The method of claim 1 , further comprising: receiving a duration of the time for the sets of events from a user. 5. The method of claim 1 , further comprising: displaying an interactive paging of the set of search results. 6. The method of claim 1 , wherein the machine data includes raw log data. 7. The method of claim 1 , wherein the machine data includes unstructured data. 8. An apparatus, comprising: a machine data transformation device, implemented at least partially in hardware, that creates, in real-time, a plurality of searchable events from machine data as the machine data is collected in real-time from one or more data sources, each event in the plurality of searchable events is segmented from the machine data and includes an associated portion of the machine data and an associated timestamp derived from the machine data; wherein the machine data transformation device divides the plurality of events into sets of events that are organized by time; wherein the machine data transformation device indexes the timestamped events; wherein the machine data transformation device hashes each event in the sets of events, wherein each event is tested for duplication using its associated hash value, wherein an event having a hash value that is a duplicate of an existing hash value is removed; a search receiver, implemented at least partially in hardware, that, as the plurality of events are being created in real-time, receives a search query that includes at least a time criterion, a second criterion for selection of events, and a] page value; a search result generator, implemented at least partially in hardware, that generates a result set for an event search query by executing the event search query across the plurality of events, the event search query includes the time criterion and the second criterion for selection of events, the result set includes events that match the time criterion and have an associated portion of the machine data that fulfills the second criterion for selection of events; a search result sorter, implemented at least partially in hardware, that sorts the result set according to time; a display formatter, implemented at least partially in hardware, that causes display of a plurality of aggregated display lines, wherein each aggregated display line among the plurality of aggregated display lines is a summary of one or more search results among the set of search results that have features that satisfy a particular interval among a plurality of intervals and the page value, each interval among the plurality of intervals fitting within a display page. 9. The apparatus of claim 8 , wherein the second criterion is a keyword. 10. The apparatus of claim 8 , wherein one or more events in the set of search results is assigned a keyword relevance ranking. 11. The apparatus of claim 8 , further comprising: a user input receiver, implemented at least partially in hardware, that receives a duration of the time for the sets of events from a user. 12. The apparatus of claim 8 , wherein the machine data includes raw log data. 13. The apparatus of claim 8 , wherein the display formatter displays an interactive paging of the set of search results. 14. The apparatus of claim 8 , wherein the machine data includes unstructured data. 15. One or more non-transitory computer-readable storage media, storing one or more sequences of instructions, which when executed by one or more processors cause performance of: creating, in real-time, a plurality of searchable events from machine data as the machine data is collected in real-time from one or more data sources, each event in the plurality of searchable events is segmented from the machine data and includes an associated portion of the machine data and an associated timestamp derived from the machine data; dividing the plurality of events into sets of events that are organized by time; indexing the timestamped events; hashing each event in the sets of events, wherein each event is tested for duplication using its associated hash value, wherein an event having a hash value that is a duplicate of an existing hash value is removed; as the plurality of events are being created in real-time, receiving a search that includes at least a time criterion, a second criterion for selection of events, and a] page value; generating a result set for an event search query by executing the event search query across the plurality of events, the event search query includes the time criterion and the second criterion for selection of events, the result set includes events that match the time criterion and have an associated portion of the machine data that fulfills the second criterion for selection of events; sorting the result set according to time; causing display of a plurality of aggregated display lines, wherein each aggregated display line among the plurality of aggregated display lines is a summary of one or more search results among the set of search results that have features that satisfy a particular interval among a plurality of intervals and the page value, each interval among the plurality of intervals fitting within a display page. 16. The one or more non-transitory computer-readable storage media of claim 15 , wherein the second criterion is a keyword. 17. The one or more non-transitory computer-readable storage media of claim 15 , further comprising: receiving a duration of the time for the sets of events from a user. 18. The one or more non-transitory computer-readable storage media of claim 15 , wherein the one or more sequences of instructions