A central computer system receives a first plurality of event records, each event record identifying one or more events that have occurred in a device of a plurality of different devices. The central computer system identifies, from the first plurality of event records, a first group of event records that identify a same first set of one or more events that occurred on a first subset of the devices. The central computer system determines that a total number of the event records in the first group of event records exceeds a first threshold criterion. In response to determining that the total number of the event records in the first group of event records exceeds the first threshold criterion, the central computer system sends to a destination, information about the first set of one or more events.