Updated at: 2022-12-09 03:49:50
It is mainly to display classified data, which can be laid out horizontally clearly and intuitively displaying multi-dimensional data classification. It can be used in a variety of scenarios, either for timeline or non-timeline data, as follows:
1. Click Visualization > Bar Chart to select data sources. You can filter out the required data sources by selecting Log Group or Saved Search;
2. Make bar chart visualization editing, and configure parameters as follows:
► Metrics - X axis: One or multiple metric aggregation types can be added;
• Aggregation: Select the type of aggregation for the X axis: Count (default), Avg, Sum, Median, Min, Max, Unique Count, Percentiles, Percentile Ranks;
• Conversion of Units: Set the conversion from original units to target units, and you can enable/disable this function;
• Custom Tag: Set the axis name displayed on the X axis
► Buckets: Classify bucket aggregation on field values according to the selected fields:
• Bucket Type: Y-Axis, Split Bar;
• Aggregation: Available types: Date Histogram, Histogram, Range, Date Range, IPv4 Range, Terms, Filters, Significant Terms.
3. After completing the above configuration, click the
button at the top left to check the visual view on the right, as follows:
In the above example, through Y-Axis bucket aggregation, the log data count results are performed with bucket aggregation according to the aggregation field @timestamp. Through Split Bar aggregation, a single columnar bar is divided into columns according to the aggregation field count, and the top 5 count field values are displayed statistically by counting.
4. For the generated chart, you can also switch to Option and set the following parameters:
► Bar Mode:
• Stacked Mode: Stacked aggregation in sequence, as shown in Figure 5-80 ;
• Grouped Mode: Horizontal grouping with the results of the lowest-priority sub-aggregation. In the above example, Split Bar is used as bucket aggregation to perform aggregation calculation, and the effect is as follows:
5. Click Save to complete the current visual view creation.
1. Click Visualization > Bar Chart to select data sources. You can filter out the required data sources by selecting Log Group or Saved Search;
2. Make bar chart visualization editing, and configure parameters as follows:
► Metrics - X axis: One or multiple metric aggregation types can be added;
• Aggregation: Select the type of aggregation for the X axis: Count (default), Avg, Sum, Median, Min, Max, Unique Count, Percentiles, Percentile Ranks;
• Conversion of Units: Set the conversion from original units to target units, and you can enable/disable this function;
• Custom Tag: Set the axis name displayed on the X axis
► Buckets: Classify bucket aggregation on field values according to the selected fields:
• Bucket Type: Y-Axis, Split Bar;
• Aggregation: Available types: Date Histogram, Histogram, Range, Date Range, IPv4 Range, Terms, Filters, Significant Terms.
3. After completing the above configuration, click the
button at the top left to check the visual view on the right, as follows: In the above example, through Y-Axis bucket aggregation, the log data count results are performed with bucket aggregation according to the aggregation field @timestamp. Through Split Bar aggregation, a single columnar bar is divided into columns according to the aggregation field count, and the top 5 count field values are displayed statistically by counting.4. For the generated chart, you can also switch to Option and set the following parameters:
► Bar Mode:
• Stacked Mode: Stacked aggregation in sequence, as shown in Figure 5-80 ;
• Grouped Mode: Horizontal grouping with the results of the lowest-priority sub-aggregation. In the above example, Split Bar is used as bucket aggregation to perform aggregation calculation, and the effect is as follows:
5. Click Save to complete the current visual view creation.
< Previous:
Next: >