Systems and techniques for displaying timelines of event logs are described. A software application may identify event logs associated with an identifier, such as an IP address of a network element or a username. The software application may group the identified event logs based on specified criteria. The software application may determine multiple sessions in which an individual session includes a group of event logs arranged along a timeline. Sessions associated with a same network element may be displayed with a same magnitude. Sessions associated with different network elements may be displayed with different magnitudes. For example, a first timeline of event logs in a first session at a first network element may be displayed at a first height. A second timeline of event logs in a second session at a second network element may be displayed at a second height.