Cross-Search Line Chart
Overview
The Cross-search line chart lets you combine data from two separate tables to create a graph that compares similar data side by side in the form of a vertical bar/line graph.
What data do I need for this widget?
In order to generate the cross-search line chart, you need to run at least two queries with at least a numerical column in common. Furthermore, those queries need to have the data grouped and aggregated for the diagram to show meaningful data.
Creating the Cross-Search Line Chart
Work with your Cross-Search Line Chart
Once the diagram is constructed, you can work with it using the options that appear when you click the Configure Chart button at the top right corner of the chart window . These options coincide with those of the chart aggregation so if you want to know more about them you can check the Customizing your chart aggregation section of the chart aggregation article.
Save your Cross-Search Line Chart
You can save your cross-search line charts to access them again for further analysis without having to construct them again. Select the save icon at the top right corner of the graph window and give it a name. To know how to access and manage them, check the save cross-search charts section of the graphical correlation article.
Query example
You can use the following queries to recreate the example shown in the images above:
from siem.logtrust.web.activity
group every 5m by country
every 5m
select count() as count
from siem.logtrust.web.activity
group every 5m by country
every 5m
select count() as count