Bubble chart
- Juan Tomás Alonso Nieto (Unlicensed)
- Borja Moro Moreno
Overview
This chart displays three dimensions of data over an X-Y chart, where X and Y are the first 2 dimensions. The third dimension is represented by the disk, whose diameter is proportional to the value of the third parameter.
What data do I need for this widget?
The option to create this chart will be disabled unless your query contains at least three columns, one with numeric values.
Creating a bubble chart
Go to Data Search and open the required table.
Perform the required operations to get the data you want to use in the chart.
- Click the gear icon on the toolbar and select Charts → Plots → Bubble Chart.
Click and drag the column headers to the corresponding fields. This chart requires you to select three fields:
Required field Data type X-axis Any type but json Y-axis Any type but json Bubbles size float, integer, duration Partitioning (optional) string The Partitioning field is optional and can be used to partition the bubbles into columns on the plane.
- The bubble chart is displayed.
Working with bubble charts
Hover over a bubble to see the combination of values it represents.
Click the sliders at the top of the chart to operate with the following options:
- If your data is updated in realtime, the realtime toggle will appear at the top left. Activate it to update the chart with the new incoming data or deactivate it to keep the latest available data up to that moment.
- By period: If your data is grouped using a temporal option, activating this option will activate the visualization of the results per period. The period shown by default upon activation will be the latest available in the specified time range. When deactivating this option, the chart will show the results for the whole time range.
- Legend: Activating and deactivating this option will show and hide the partitioning legend at the bottom.
You can hit the following keys to perform different visualization actions:
| Shortcut key | Description |
|---|---|
← | If the by period option is activated, displays the data from the previous period. For example, if your query groups data every 30 seconds press the left arrow to see the data bubble for the previous 30-second period. |
→ | If the by period option is activated, displays the data from the following period. For example, if your query groups data every 30 seconds press the right arrow to see the data bubble for the next 30-second period. |
? | Shows/hides the list of shortcut keys. |
Query example
You can recreate the example shown in the picture above with the data from the following query and mapping the fields as follows:
from siem.logtrust.web.activity
| Required field | Column added |
|---|---|
| X-Axis | contentLength |
| Y-Axis | responseLength |
| Bubbles size | responseTime |
| Partitioning | city |
In case you want an example with the data grouped by period, here is another query to construct another bubble chart:
from siem.logtrust.web.activity group every 5m by contentLength, responseLength, responseTime, city every 5m
| Required field | Column added |
|---|---|
| X-Axis | contentLength |
| Y-Axis | responseLength |
| Bubbles size | responseTime |
| Partitioning | city |