Calendar heatmap widgets
- Borja Moro Moreno
About heatmap widgets
This widget displays a grid that represents a calendar, with months on an axis, days of the week on the other, and each cell corresponding to a day. Values are plotted on the chart using a color scale varying between the maximum and minimum values of the analyzed variable.
This type of chart is useful to visualize activity over the course of a long span of time and easily spot anomalous or significant data peaks. It is also useful to illustrate how some quantity varies depending on the day of the week, or how it trends over time.
What data do I need for this widget?
The source query must contain at least two fields, one of them with timestamp values and the other with numerical values, which will be automatically recognized and displayed in the diagram. If the query contains more than two, the first of each type will be selected automatically although you can change the selection in the widget's visual settings, as explained below.
If your query groups events, make sure you use a time grouping or include a timestamp field as grouping key, otherwise, you will not have the necessary timestamp field to create the calendar.
For a significant analysis of the data over time, make sure you select the adequate time range.
Optimizing your query
To prevent memory exhaustion and excessive loading times, your query must group events using only the grouping keys you intend to analyze.
For an even more efficient result, the time setting for your grouping must be one day.
Widget settings
To edit the widget settings, you must first activate the Edit mode.
Click the widget title bar to open its settings. Alternatively, the settings are accessible via the Ellipsis icon → Edit. The widget settings are contained in three tabs, Data, Visual, and Raw.
The settings in the Data and Raw tabs are described in the Create a widget article, while the Visual settings are explained below:
Category | Setting | Description |
|---|---|---|
Fields | Time | Select a timestamp field to use the dates it contains to construct the calendar for the analyzed variable. |
Weight | Select a numerical field to use the values it contains to create a color scale and populate the calendar. This scale is created by aggregating all the values registered for each day and taking the highest and lowest of those aggregated values as opposite ends for the color gradient. Colors range from blue on the low end to red on the high end. |
Tips for using a calendar heatmap
Here are a few tips to get the most out of your calendar heatmap.
Hover over a cell to show a tooltip with the aggregated value for that day. Notice there is also a color point on the legend to indicate the shade inside the scale it corresponds to.
Hover over a point on the legend to show the value corresponding to that specific color shade.
Drag the color sliders on the legend to show less colors on the calendar, hiding those cells with a color that falls outside the custom color range. Notice the sliders change color to reflect the current limit.
Query example
This is the source query used and the fields mapped to generate the widget shown above:
from siem.logtrust.web.activity
group every 1d by responseTime
select count() as countX-axis | eventdate |
|---|---|
Y-axis | responseTime |
Time range | now() - 60d |
This is a variation of the query above, where the count of events is used instead of the responseTime values:
from siem.logtrust.web.activity
group every 1d by responseTime
select count() as countX-axis | eventdate |
|---|---|
Y-axis | count |
Time range | now() - 60d |
Â