Visualizations¶
Pie Chart¶
* | groupBy(status) | piechart()
* | groupBy(image) | count() | piechart(limit=5)
Bar Chart¶
* | groupBy(user) | count() | barchart()
* | groupBy(status) | barchart(limit=10)
Graph (Relationship View)¶
* | table(process_guid, parent_process_guid) | graph(child=process_guid, parent=parent_process_guid)
* | graph(child=process_guid, parent=parent_process_guid, limit=200)
Both child= and parent= are required. Max limit is 500.
Single Value¶
Display a single aggregate statistic as a large number. Requires an aggregation function and cannot be combined with groupBy().
* | count() | singleval()
* | avg(response_time) | singleval(label="Avg Response Time")
Parameters¶
| Parameter | Required | Description |
|---|---|---|
label |
No | Text displayed below the value. Defaults to the aggregation field name. |
Time Chart¶
Render a time series line chart. Buckets events into time intervals and applies an aggregation function.
* | timechart(span=5m, function=count())
* | timechart(span=1h, function=avg(response_time))
Combine with groupBy() for multi-series charts (one line per group):
* | groupBy(status) | timechart(span=5m, function=count())
Parameters¶
| Parameter | Required | Description |
|---|---|---|
span |
No | Bucket interval. Supports s, m, h, d, w. Default: 5m. |
function |
No | Aggregation function to apply per bucket: count(), sum(field), avg(field), max(field), min(field). Default: count(). |