The chart at the top of the Interactive Analytics page lets you perform visual analysis on the results of your query.

Charts represent graphical snapshots of log search queries. You can use the drop-down menus under the chart to change the chart type.

You can use the first drop-down menu to the left to control the aggregation level of the chart. The Count function is selected by default.

Log Insight provides several aggregation functions.

Type

Field

Description

Count

Events only

Creates a chart of the number of events for a specific query.

Unique count

Any field

Creates a chart of the number of unique values for a field.

Minimum

Numeric fields only

Creates a chart of the minimum value for a field.

Maximum

Numeric fields only

Creates a chart of the maximum value for a field.

Average

Numeric fields only

Creates a chart of the average value for a field.

Std dev

Numeric fields only

Creates a chart of the standard deviation for a field’s values.

Sum

Numeric fields only

Creates a chart of the sum of values for a field.

Variance

Numeric fields only

Creates a chart of the variance for the values of a field.

You can use the second drop-down menu under the chart to group query results by specific field values rather than or in addition to time series.

To view the number of events for a field, for example, the number of events per host, deselect the Time series check box and select the check box for that field.

To view a stacked bar chart for a field with groupings over time, select both the Time series check box and the field check box.

You can select different chart types to change the way data is visualized on the Interactive Analytics page.

Different chart types require different aggregation functions, the use of time series, and group-by fields.

Chart Type

Aggregation Funciton

Time Series Requirement

Group-by Field Requirement

Column

Any

Time series

N/A

Line

Any

Time series

N/A

Area

Any

Time series

N/A

Bar

Any

Non-time series

At least one field

Pie

Count or Unique Count

Non-time series

At least one field

Bubble

Any

Non-time series

Two fields

You can change how charts look on the Interactive Analytics tab, add charts to your custom dashboards, and manage dashboard charts.

Task

Procedure

Change the time range of a chart

On the Interactive Analytics tab, use the drop-down menu to the left of the Search button to switch the period displayed in the chart.

Change the granularity of a chart

On the Interactive Analytics tab, use the buttons at the upper right to switch between different time ranges for each point represented on the chart. The available ranges depend on the time range specified for the query.

Load a dashboard chart on the Interactive Analytics tab

On the Dashboards tab, locate the chart and click the Open in Interactive Analytics icon .

The time range is set to the current time range of the dashboard. You can modify the time range if needed.

Save a chart to your custom dashboard

1

At the upper left of the Interactive Analytics tab, click Add to Dashboard. Alternatively, from the menu to the right of the Search button, select Add Current Query to Dashboard.

2

Type a name, select the destination dashboard from the drop-down menu, select the widget type, add information about the widget, and click Add.

Save a query as a chart to your custom dashboard

1

Click Add Current Query to Dashboard next to the Search button.

2

Type a name, select the destination dashboard from the drop-down menu, make sure the widget type is set to Chart, add information about the widget, and click Add.

Save a query as a field table to your custom dashboard

1

Click Add Current Query to Dashboard next to the Search button.

2

Type a name, select the destination dashboard from the drop-down menu, make sure the widget type is set to Field Table, add information about the widget, and click Add.

Delete a widget from your custom dashboard

1

On the Dashboards tab, select the custom dashboard that contains the widget that you want to delete.

2

In the upper right corner of the widget, click the Other Actions icon Select an action, and select Delete.

3

In the Delete Widget dialog box, click Delete to confirm.