Aggregated search operators such as CHART, TOP, and RARE generate charts of search results. The chart drill down feature enables you to quickly filter down to events with specific field values.
You identify the value on a search results chart and click it to drill down to events that match the value.
When you click on a chart value (a column, bar, or donut section), the existing search query is modified to include the WHERE operator with the field name and value, and automatically rerun.
Search results can also be displayed in a chart format. When the user executes a search with a chart operator, Logger delivers a chart along with a correspondent table of events distributed by category. When this format is enabled, view menu bar is replaced with the following icons:
The following chart types are supported by Logger:
Column: It displays a measure as columns.
Bar: It displays a measure as filled bars.
Donut: It is a pie chart with a hole in the center.
Area: It displays a measure as a filled region, similar to a line chart.
Line: It displays a measure as a continuous line.
Stacked Column: The data series are stacked one on top of the other in vertical columns. It allows a comparison of total column lengths.
Stacked Bar: It uses bars to show comparisons between categories. Each bar in the chart represents a unit, and segments in the bar represent different parts or categories of that whole.
Multi-Series Charts:
A multi-series chart combines multiple aggregation function values along the Y-axis in a single chart . Stacked column and stacked bar charts are available for multi-series search. Donut chart view is grayed out (not available) for this task.
Display Limit:
It limits the amount of events shown in the chart from 1 to 100 charts. To narrow the results, add a number < total number of events in the display limit field. To apply the updates, it is only needed to click enter or click outside the window.