Trends

You’ve likely noticed that when you perform a search, you immediately see a histogram of your logs in the search screen showing total activity during the search timespan. Using trends, you can dive deeper into visually representing your search results by applying different charting and filtering options. Even better, once you’ve built a trend chart you can save it as a widget that can be added to a custom dashboard.

In this section we’ll go over charting options and how to save trends as widgets.

Note that trends can only be activated after you have performed a search. If you need help with that, please refer to the section on performing searches.

Trends Overview

Trend Types

Timeline Trend

The simplest timeline trend is already displayed automatically with every search. It’s a histogram of all indexed log events over some time period. This will be your go to trend type to compare occurrences of log attributes over time.

Within the Trends panel, it’s possible to graph both the count of events over time and statistical values over time.

In this example, the blue chart shows the processing rate over time with a small spike at 22:29.
Trends Timeline

Adding additional time series

Click on the orange button to add additional series to your time series trend. Where your default chart may have been a simple count of all events, you can now add additional series that correlate log attributes against each other. You’ll use the same definition fields as above to format additional series.

Pie Chart

Pie trends allow you to see the proportional occurrence of all values of one log attribute across your search results. In a pie chart, each sector of the pie represents one value of the chosen log attribute (field). For example a pie chart could represent all instances of the field “level” which can have one of several actual values (“INFO”, “WARN”, “ERROR”, etc.). All fields are represented.

Trends Pie

Bar Chart

Bar charts are functionally the same as pie chart. Here, the visual representation of the log attribute values are horizontal bars instead of pie segments.
Trends Bar

Single Value

You can use a single value trend to see a single statistic such as average.
In this example, we’re showing the average processing rate over our selected time range.
Trends Single Value

General Functionality for Trends

Adding a new Trend

Once you have your search results click on the “Trends” button (located under the histogram) to open the trends view. Choose a trend type from the display and you’ll be off and running.
Trend Types

Choosing a Trend Type and Switching Trends

Once in the trends screen the “Trend Type” selector will default to the type you selected on the cover screen. At any time you can switch trend types and begin developing a new trend with your search data. All of your trend settings will be maintained until you either (1) select “Start Over”, (2) close your search window or (3) close your Loggly session.

Creating a Widget from a Trend

Paid accounts have the added benefit of saving custom widgets to dashboards. The orange “Save as Dashboard Widget” button allows you to create a widget from the trend you are currently viewing. You can give your new widget a name and description in the “Save Trend” dialog box. See the Dashboard Overview section to learn more about create custom dashboards and add widgets.

Trend Attributes

Each trend type (pie, bar, etc.) is defined by a set of attributes and values. In this section we’ll define all the attribute types used for trends. In the next section we’ll define all the trend types you can create and which attributes they take.
Trend Attributes

1. Series Color
The series color is displayed on the left. As you add additional series to the trend, new colors will be chosen. You can select a different palette if you like.
2. Series Order
You can change the order of several stacked series by dragging them with your mouse above or below the other series. Changing series order is useful if your series are represented by different chart types. Changing the order can preserve readability by say keeping a line series in front of an area series.
3. Numeric Field
The most basic trend is a count of events over time. Event counts require no manipulation of the data value itself. However, with certain trend types, Loggly can show calculated results from your search data. For example, we can show the maximum, minimum or average of a field value over time across your search results within certain trend types. This type of result can only be produced for fields that are represented with numerical data. Loggly automatically filters the fields with numerical data and shows them here. If you’re sending JSON data, be sure that numerical values aren’t quoted.
4. Statistic
If numerical data is available, you can choose the type of manipulation with this field. The supported methods for numeric fields are: Count of Events, Sum, Average, Maximum, and Minimum.
5. Split by
This field allows you to segment out your series data by field. You can only split by non-numeric fields, such as string categories. This is useful for comparing the occurrence of different log attributes over time. The list is populated by the values of your parsed fields. Note that if we cannot fully parse your logs, you will have fewer (or no) other fields to choose from. Note that using the “Split by” field produces different visual results depending on the trend type.
6. Chart type
This attribute applies only to time series and single value trend types. Time series trends can represent data in one of the four ways (1) Line chart with data points, (2) Area chart, (3) Bar chart and (4) Single value.
7. Series Deletion
Click on the “X” icon to delete your series from your trend. This is supported by trend types that can display multiple series.

Statistics

As system events help identify issues and provide insight their possible causes, statistics are valuable in identifying trends and providing administrators an overhead view on the multiple circumstances that cause system issues.

By using the statistics feature, you are able to select one of multiple operator types to view the corresponding details.

To to view and sort by statistics.

1. In the search page, after selecting the ‘trend’ view select the ‘Timeline’ chart type.

TimeLine

2. When in the Timeline chart, you are able to select Statistics and view the various operators:  

  • Sum – Addition of all numbers in the selected field in the set of events matching the query.
  • Average – Sum of all numbers divided by the count of all the numbers.
  • Maximum – Largest value in the set of events.
  • Minimum – Lowest value in the set of events.
  • Variance – How far a set of numbers within the set of events are spread out.
  • Standard Deviation – The square root of the variance.
  • Sum of Squares – Another way to identify variation within the set of events.
  • Percentile – The value below where the selected percentage of events falls.

 

Thanks for the feedback! We'll use it to improve our support documentation.


Top