...

Go to Data search and open the required table.

Perform the required operations to get the data you want to use in the chart.

Note: Missing required data

If your table does not contain fields representing a pair of latitude and longitude values in integer or float format, you can use the operations in the Geolocation group to create latitude and longitude fields based on existing data in your table.

For example, you can add to your table the latitude and longitude values corresponding to a set of IP addresses using the Geolocated Latitude (mmlatitude) and Geolocated Longitude (mmlongitude) operations.

Click the gear icon on the toolbar and select Charts → Maps → Google animated heat map.

Click and drag the column headers to the corresponding fields. This chart requires you to select the following fields:

Required Field | Data Type
Latitude | float, integer, duration
Longitude | float, integer, duration
Size/Color | float, integer, duration

The Google animated heat map has been built. 

[Animated image: Google animated heat map]

Working with Google animated heat maps

...

You can hit the following keys to perform different visualization actions:

Shortcut keys | Description
w | Increases the radius of the heat points representing locations and values.
s | Decreases the radius of the heat points representing locations and values.
a | Switches to the next color gradient for temperature representation. This replaces the color scale with another one that has a different base color and number of colors to represent the lowest/coldest and highest/warmest values. When you get to the last available gradient, pressing the key goes back to the first. This might be useful when the values are very similar and belong to the same range, so they would be represented in the same or a very similar color. Without enough contrast, differences between the values can be overlooked, and changing the gradient can help represent them differently.
l | Applies a logarithmic operation to normalize the data, which will be reflected in the heat points represented on the map. This might be useful when some values are too far from the general range, so normalization is needed for a more cohesive representation.
t | Applies an arctangent operation to normalize the data, which will be reflected in the heat points represented on the map. This might be useful when some values are too far from the general range, so normalization is needed for a more cohesive representation.
n | Resets the configuration to revert the applied operations.
f | Toggles the display of the daylight animation.
+ | Increases the speed of the animation.
- | Decreases the speed of the animation.
g | If you have your data grouped by period, it shows the first period. For example, if your query groups data every 30 seconds, press G to see the data bubble for the first 30-second period.
0-9 | If you have your data grouped by period, it shows previous periods. For example, if your query groups data every 30 seconds, press 0-9 to see the data bubble for the previous 30-second periods.
? | Shows/hides the list of shortcut keys.
+ / - | Zooms in/out on the map.
← / ↑ / → / ↓ | Moves the map in the direction of the arrow.

Query example

You can recreate the example shown in the GIF above using the data from the following query and mapping the fields as follows:

Query

from siem.logtrust.web.activity
select ip4(srcHost) as ipHost,
  mmlatitude(ipHost) as latitude,
  mmlongitude(ipHost) as longitude
group every 15m by longitude, latitude, responseTime
every 1h

...

Required field | Column added
Latitude | latitude
Longitude | longitude
Size/Color | responseTime

...