Dependency wheel widgets
- Borja Moro Moreno
About dependency wheel widgets
The Dependency wheel is used to organize and display data according to relations or dependencies between a source and a target. These dependencies are measured using points of interconnection determined by the number of times both source and target connect.
The data is arranged radially, with the source and target values represented as segments in the circle and the relations as arcs connecting them. The size of both segments and arcs is proportional to the flow quantity or weight, which is determined by the metric used.
This type of chart is commonly used to sort parameters into groups, based on their natural relationships.
What data do I need for this widget?
If the source query groups events, it must group by at least two elements that will serve as source and target for the dependency. It also must contain an aggregated value for each group (count, average, maximum, mean, etc.) to serve as the metric to determine the proportions of the dependencies.
If the source query does not group events, you can select any of the query fields as source and target but you must select a numeric field to serve as the weight for the dependencies. In this case, it is the sum of all values that will be used for the representation.
You can change this at any time in the widget's visual settings.
Widget settings
To edit the widget settings, you must first activate Edit mode.
Click the widget title bar to open its settings. Alternatively, the settings are accessible via the Ellipsis icon → Properties. The widget settings are contained in three tabs: Data, Visual, and Raw.
The settings in the Data and Raw tabs are described in the Create a widget article. These are the Visual settings for the dependency wheel:
Category | Setting | Description |
|---|---|---|
Fields | Source | The values of the field selected will be used to draw the segments of the circle that serve as the starting point for the links. The color assigned to the each source segment will be also assigned to the links departing from it. If your query groups events, you can choose between the grouping elements. If it doesn’t, you can choose any field in the query. |
Target | The values of the field selected will be used to draw the segments of the circle that receive the links. If your query groups events, you can choose between the grouping elements. If it doesn’t, you can choose any field in the query. | |
Weight | The values of the field selected will be used to determine the proportions of the links, and thus the proportions of the segments. If the query groups events, you can choose between the different aggregations added. If it doesn’t, you can choose any numeric field in the query, and the sum of its values will be the metric used. |
Tips for using a dependency wheel
Here are a few tips to get the most out of your dependency wheel.
Move your mouse over a segment in the chart to display a tooltip with the value it represents and the total weight of all the links connected to it. All the links connected to it will be highlighted in the chart and the rest of them dimmed down to help you identify it.
You can recognize it as a source or target by the color of the links connected to it. Different link colors means it is a target while same link colors means it is a source.
Move your mouse over a link in the chart to display a tooltip with the source-target combination and the weight it represents. The link will be highlighted in the chart and the rest of them dimmed down to help you identify it.
Query example
This is the source query used and the fields mapped to generate the widget shown above:
query(from siem.logtrust.web.activity
where isnotnull(city)
where isnotnull(method)
where not isempty(city)
group every 1h by method, city
select count() as count)Source | city |
|---|---|
Target | method |
Weight | count |
This is the source query used and the fields mapped to generate another example without grouping events:
query(from siem.logtrust.web.activity
where isnotnull(city)
where isnotnull(method)
where not isempty(city)
)Source | city |
|---|---|
Target | method |
Weight | responseTime |
Â