com.atlassian.confluence.content.render.xhtml.migration.exceptions.UnknownMacroMigrationException: The macro 'html' is unknown.

Generating the Graphical Distribution of the Search Results

Owned by Omry Koschitzky
May 06, 2013

Running a search query returns a graph that shows the distribution of events over time. You can determine the display mode and contents of the graph. The graph has drill-down functionality, enabling you to zoom into any time period, and run the same search on that time period (see Zooming In / Out of a Time Period). It also enables you to hover over a bar or line graph to see the source of events and drill down to see the exact events in any log. 

XpoLog Search enables you to generate a graph of the distribution of events in a bar chart (the default), line chart, or pie chart. These charts can be displayed in different visualizations, using the toolbar icons and features.

Detected problems are displayed on the time axis of the graph, enabling you to augment the search with a problem (see Augmenting a Search with Detected Problems).

Generating a Bar Chart

In a bar chart (also called a column chart), a bar appears at each point in time where events were found to match your search query. The height of each bar is according to the number of events that occurred at the specific time. A bar does not appear at times when no events matching your search query occurred.

A bar chart can be displayed in different visualizations:

  • Split View – At any point in time where events were found, a vertical bar appears for each log (default) in the system that is the source of events. You can instead show the distribution of events for each application or server in the system, by selecting in the adjacent Distribute By selection box, Applications or Servers. The number of bars at a certain time is equivalent to the number of logs (or applications or servers) that were the source of events at that time.
  • Stack View – At any point in time where events were found, a horizontal bar appears for each log (default) in the system that is the source of events. You can instead show the distribution of events for each application or server in the system, by selecting in the adjacent Distribute By selection box, Applications or Servers. The number of stacked bars at a certain time is equivalent to the number of logs (or applications or servers) that were the source of events at that time.
  • Summary View – the default; At any point in time where events were found, a single vertical bar appears for events from all log, application, or server sources in the system.

To generate a Summary View bar chart:

  • In the Graph Toolbar, on the right, click the Bar Chart button.

To generate a Split View bar chart:

  • In the Graph Toolbar, on the right, click the Bar Chart button, and on the left, click the Split View button.
    Vertical color-coded bars appear parallel to each other for each log (default) in the system. You can instead show the distribution of events for each application or server in the system, by selecting in the adjacent Distribute By selection box, Applications or Servers.
    A legend appears on top of the graph, showing the color that represents each entity (log, application, or server).  

To generate a Stack View bar chart:

  • In the Graph Toolbar, on the right, click the Bar Chart button, and on the left, click the Stack View button.
    Horizontal color-coded bars appear parallel to each other for each  log (default) in the system. You can instead show the distribution of events for each application or server in the system, by selecting in the adjacent Distribute By selection box, Applications or Servers.
    The legend appears on top of the graph, showing the color that represents each entity (log, application, or server). 

Generating a Line Chart

A line chart shows how the number of events matching the search query changed from one point in time to the next.

A line chart can be displayed in different visualizations:

  • Split View – the default: A line appears for each log (the default) defined in the system. You can instead show a single line for each application or server in the system, by selecting in the adjacent Distribute By selection box, Applications or Servers.
  • Summary View – A single line represents all entities in the system (logs, applications, and servers) that have events.

To generate a split view line chart:

  • In the Graph Toolbar, on the right, click the Line Chart button.
    An individual line is drawn to show the distribution of events in each log (default) in the system. You can instead show the distribution of events for each application or server in the system, by selecting in the adjacent Distribute By selection box, Applications or Servers.
    A legend appears on top of the graph, showing the color that represents each entity (log, application, or server).   

To generate a summary view line chart:

  • In the Graph Toolbar, on the right, click the Line Chart button, and on the left, click the Summary View button.
    A single line is drawn to show the distribution of events in the entire system.

Generating a Pie Chart

A pie chart shows the distribution of events over the applications, logs, or servers of the system.

To generate a pie chart:
  • In the Graph Toolbar, on the right, click the Pie Chart button.
    The distribution of events in each log (default) in the system is illustrated in a pie, with each portion of pie shaded in the color representing the log, and in the size relative to the percentage of events. You can instead show the distribution of events for each application or server in the system, by selecting in the adjacent Distribute By selectionbox, Applications or Servers.

Viewing the Distribution of Results in Logs

You can hover over any bar or line in your graph to see the number of matching events that were produced by each log. You can then click any log in the chart, to view the log's events in the log viewer under the XpoLog tab. There, you can see the same information that is displayed as free text in the search result events, in column format.