You can change the aggregation and grouping of query results displayed in the chart to graphically analyse log events.

The number of drop-down menus that you see under the chart depends on the selected aggregation function.

Verify that you are logged in to the Log Insight Web user interface. The URL format is https://log_insight-host, where log_insight-host is the IP address or host name of the Log Insight virtual appliance.

1

Use the drop-down menus under the Interactive Analytics chart to change the aggregation function and grouping type.

To view the number of events over time, select the Time series check box.

To view only event values, select the Non-time series check box and select at least one field.

2

Click Update.

The following table contains examples to illustrate aggregation and grouping in Log Insight charts.

Example Aggregation and Grouping in the Interactive Analytics Chart

Selection in the First Drop-Down Menu

Selection in the Second Drop-Down Menu

Time series selection

Text Displayed on the Screen

Result

Count

Time series

Time series

Count of events over time

The chart displays a bar chart with the number of events for the current query over time.

Average

vmw_op_latency (VMware - vSphere)

Time series

Average of vmw_op_latency (VMware - vSphere) over time

The chart displays a line chart with average value of operations latency over time.

Count

vmw_esx_problem

Note

Thevmw_esx_problem field does not appear by default. You must extract the vmw_esx_problem field and save the query so that vmw_esx_problem appears in the drop-down menu.

Non-time series

Count of events grouped by vmw_esx_problem

The chart displays a bar chart of the number of events for containing the vmw_esx_problem field.

Count

Time series, vmw_esx_problem

Time series

Count of events over time grouped by vmw_esx_problem

The chart displays a stacked bar chart grouped by vmw_esx_problem over time.