Bubble chart
- Juan Tomás Alonso Nieto (Deactivated)
Overview
This chart displays three dimensions of data over an X-Y chart, where X and Y are the first 2 dimensions. The third dimension is represented by the disk, whose diameter is proportional to the value of the third parameter.
What data do I need for this widget?
The option to create this chart will be disabled unless your query contains at least three columns, one with numeric values.
Creating a bubble chart
Working with bubble charts
Hover over a bubble to see the combination of values it represents.
Click the sliders at the top of the chart to operate with the following options:
If your data is updated in realtime, the realtime toggle will appear at the top left. Activate it to update the chart with the new incoming data or deactivate it to keep the latest available data up to that moment.
By period: If your data is grouped using a temporal option, activating this option will activate the visualization of the results per period. The period shown by default upon activation will be the latest available in the specified time range. When deactivating this option, the chart will show the results for the whole time range.
Legend: Activating and deactivating this option will show and hide the partitioning legend at the bottom.
You can hit the following keys to perform different visualization actions:
Shortcut key | Description |
|---|---|
← | If the by period option is activated, displays the data from the previous period. For example, if your query groups data every 30 seconds press the left arrow to see the data bubble for the previous 30-second period. |
→ | If the by period option is activated, displays the data from the following period. For example, if your query groups data every 30 seconds press the right arrow to see the data bubble for the next 30-second period. |
? | Shows/hides the list of shortcut keys. |
Query example
You can recreate the example shown in the picture above with the data from the following query and mapping the fields as follows:
from siem.logtrust.web.activityRequired field | Column added |
|---|---|
X-Axis | contentLength |
Y-Axis | responseLength |
Bubbles size | responseTime |
Partitioning | city |
In case you want an example with the data grouped by period, here is another query to construct another bubble chart:
from siem.logtrust.web.activity
group every 5m by contentLength, responseLength, responseTime, city
every 5mRequired field | Column added |
|---|---|
X-Axis | contentLength |
Y-Axis | responseLength |
Bubbles size | responseTime |
Partitioning | city |