The chart is a graphical representation of data, in which the data is represented by symbols, such as columns in a column chart, lines in a line chart, or slices in a pie chart. Charts are often used to ease understanding of large quantities of data and the relationships between parts of the data.
Visualizing your Search Results
You can plot the results of your Loggly search query and tailor it to visualize the search data in graphical form, such as on a bar or line chart. After logging into your Loggly account, click on the Charts tab to access charts available to you. To create a new chart, click on the “+ New Chart” subtab.
You can monitor your most important charts by adding them to your dashboard.
Create a Chart
To create a chart go to the Charts page and click on “+ New Chart”. A popup window will open where you can provide a name for this new chart. The chart name is unique to each owner of the chart so different team members can have the same name for different charts without conflict.
Loggly supports several different chart types so data can be displayed the way you want.
Time Series Charts
The line chart is represented by a series of data points connected with a straight line. Line charts are most often used to visualize data that changes over time. Here is an example of a Line chart plotted in Loggly.
When to use Line charts
Line charts are easy to use and visualize time series data. Line graphs are useful when:
- Monitoring specific metrics from one source or multiple sources. For example: Average latency across your web servers
- Monitoring all related metrics sharing similar units. For example: Maximum latency for all your disk operations such as disk reads and disk writes.
- Monitoring metrics that have a clearly defined acceptable thresholds. For example: Latency of user requests on your website.
- Monitoring the same metric across different devices or servers. For example: CPU utilization on each production server.
- Monitoring metrics where individual values from a specific resource is important. For example: Heap size on each machine.
Just like Line charts, Area charts are easy to use and visualize time series data. However, the different values are represented by two-dimensional bands instead of lines. Data from different time series is summed together and stacked. Area charts are difficult to interpret when there are too many data series. For example, if each area is just a few pixels or a thin line, then it is hard to identify important trends.
When to use Area charts
Area charts are useful when:
- Monitoring the same metric across different devices or servers. but stacked. For example: User requests on each production server.
- Monitoring similar metrics for same device or server with similar units. For example: CPU utilization metrics (user, system, idle, etc.)
Here is an example of an Area chart in Loggly.
Column charts can also be used to visualize time series data. In Loggly, the most prominent example of the Column chart is an All Events Histogram on the Search page. It allows you to visually identify a trend across your time series data.
In a stacked Column chart, each column represents the sum of the values for that time interval. In each column, each stack represents the values for a different category. Therefore, this feature makes a Column chart very useful when visualizing counts over a period of time, especially sparsely distributed metrics. Like Area charts, they naturally accommodate stacking and summing of data values. In Loggly, Column chart can be stacked by checking the ‘stacked’ check box.
When to use Column Charts
- Monitoring errors from IoT (Internet of Things) devices. For example: Sensors that send data sporadically.
- Monitoring count of specific metrics. For example: User logins, User transactions, etc
Here is an example of a Column chart in Loggly.
A Point chart consists of various points (or dots) that commonly represent a large quantity of data and can be used to locate trends or averages.
Non time series charts
A Bar chart is a chart that presents grouped data with bars whose lengths are proportional to the values that they represent. Bar charts are useful to compare categories. One axis of the chart shows the specific categories being compared, and the other axis represents a discrete value.
Pie chart divides data into slices to illustrate numerical proportion. In a pie chart, the arc length of each slice (and consequently its central angle and area), is proportional to the quantity it represents.
Single Value Chart
Single value chart is useful for displaying the results of a query that returns only a single record, in order to make that value stand out at a glance. You could also do conditional formatting of the text color by specifying a threshold value. This will allow you to quickly understand if the value is under the limit or outside of the limit.
Anomaly detection is an algorithmic feature that allows you to identify when a metric is behaving differently than it has in the past, taking into account trends, seasonal day-of-week and time-of-day patterns. It is well-suited for metrics with strong trends and recurring patterns that are hard or impossible to monitor with threshold-based alerting.
Let’s look at the various settings for these chart types in detail.
Groups: Groups are a logical way to organize your chart data. Group 1 is the default group. Below are some settings that you can manipulate to create your chart. All data series in a single Group has the same chart type. To overlay a Line chart over a Column chart, create Group 1 with Line chart and add a second group, Group 2, with Column chart. You can create multiple groups to produce more data rich charts. Group 1 is the default group. To add additional groups, click on the “+” symbol. This will add a second group below the group 1 and so on.
Chart type: You can select the chart type to visualize your data for this group.
Split by: Split by creates data series automatically for you. You can split the data based on different hosts, applications, tags, and logtype, among others.
Theme: This option allows you to specify the colors to be used when data series are automatically created based on Split By. You can select a color theme for a Group by selecting from a list of different color themes. If no selection is made, then the chart will use the Default Theme.
Stacked: To stack the results, check the “Stacked” check box. Multiple time series can be summed together simply by stacking the bands.
Value type: This option allows you to specify what data you are plotting. The four values are Event Count, Perentile, Statistics and Value. The default is Event Count.
Source Groups: If you have not selected a specific source group for the search in the drop down next to the search field, you may select a particular source group for each group. You can select a different source group for the each group.
Numeric Field: When you select Statistic as the Value Type, you must specify which numeric field you wish to plot.
Numeric Field Operators: When you select Statistics as Value Type, you can select the operator to be used. Supported operators include sum, average, maximum, minimum and standard deviation.
Sort by: You can sort the data in ascending or descending order by the value or label of a field. This ordering allows you to specify which data series will be displayed on the chart. For example, to see the top 5 status codes for apache.status in the last hour you would select value (desc), for descending. The displayed data will depend upon the “Limit to” value selected as below.
Limit to: This option allows you to specify the maximum number of data series displayed on the chart. You can select a value from 1 to 50. The default value is 10.
Show other: The Other category is an aggregation of all the results that are not directly displayed on the chart. Selecting the “Show Other” option allows you to display this aggregated category on the chart. By default, this option is selected.
Advanced: The Advanced option allows you to add a search term to customize the chart even more.
Hide/Unhide: Clicking on the eye icon will hide or unhide this group in the chart.
Collapse/Uncollapse: Clicking on the collapse/uncollapse icon can be used to hide or reveal the Group settings to create additional working area on the screen.
Add a new group: You can create multiple groups to produce more data rich charts. Group 1 is the default group. To add additional groups, click on the “+” symbol.
Add a new data series: In order to add a new data series, click on the “+” icon to add another series.
Find series to pin: To always include a specific data series in your chart, you can find that data series and pin it. This feature is useful when your data has high cardinality and you would like to ensure a specific data item is displayed regardless of its value. For example, if you have 100 hosts and you would like to display errors for only 10 hosts, and you would like one specific host, say host_24, to always be displayed in the chart, regardless of its value, you can use this setting to find and pin that specific host. Once pinned, host_24 will always be present in the data series that are included on the chart even if host_24’s data is zero.
Note: The setting “Limit to” determines how many data series will be displayed on the chart. If this value is 10 and you have pinned, say, 4 data series, then 6 other non-pinned data series will be included on the chart. If you would like more than 6, then you should increase the “Limit to” value to greater than 10. You can set this value between 1 and 20.
To pin a point in time, the data table is automatically displayed. When you move the cursor through different areas on a chart, the plot line under the cursor is highlighted, and the detail line for that plot line is highlighted. Just as hovering over a plot line highlights a line in the data table, hovering over a line in the data table highlights the corresponding plot line on the chart.
Timeshift: The Timeshift function allows you to compare the chart data in a data series with a previous time range. So basically this function allows you to compare the metric by adding a shift in the time range to show how the metric performed at an earlier period. You could choose a time shift of 1 hour, 1 day or 1 week. The Timeshift function is available for each data series that you add to the chart.
Using the Timeshift function to understand trends
In infrastructure and application monitoring, the trend of a metric (the rate at which it is changing) is frequently of greater interest than the absolute value of the metric itself. For example, it might not be meaningful to know that your disk is 50% utilized, but you might care to know that the utilization has doubled consistently for the past 10 minutes, as that might indicate that the system is trending towards failure. The Timeshift function allows you to compare the chart data in a data series with a previous time range.
Once you are satisfied with your chart you can save it for future use and share with other team members. You can set permissions to view or edit a chart by clicking on the share icon, shown circled in the image below.
View permission: Allow other users in your account to view a saved chart.
Edit permission: Allow other users in your account to rename a chart, edit various chart settings, and transfer ownership of a saved chart.
Admins can edit any chart in your account chart library.
Add a chart to dashboard
You can add a chart to your dashboard by clicking on the dashboard icon, shown circled below.
A popup window will open where you can select the dashboard on which you want a chart to be displayed. Select a dashboard and click on “Save & add to dashboard.”
Alternatively, you could also go to the Dashboard page and add the chart from there.