Customizable event-based analytics

Kaspersky Unified Monitoring and Analysis Platform

Support Send link Get as PDF

Analytics > Widgets > Customizable event-based analytics

Customizable event-based analytics

You can use the Events widget to get the necessary event-based analytics based on SQL queries. Depending on the selected value of the graph type, two or three parameter tabs are available:

—this tab is used to define the widget type and to compose the search for the analytics.
—this tab is used to configure the chart scale. This tab only available for graph types (see below) Bar chart, Line chart, Date Histogram.
—this tab is used to configure the widget analytics display.

The following parameters are available for the Selectors tab:

Graph—this drop-down list is used to select widget graph type. Available options:
- Pie chart
- Bar chart
- Counter
- Line chart
- Table
- Date Histogram
Tenant—drop-down list for selecting the tenant whose data will be used to display analytics. The As layout setting is used by default.
Period—drop-down list for configuring the time period for which the analytics must be displayed. Available options:
- As layout—when this option is selected, the widget time period value reflects the period that was configured for the layout. This option is selected by default.
- 1 hour—receive analytics for the previous hour.
- 1 day—receive analytics for the previous day.
- 7 days—receive analytics for the previous 7 days.
- 30 days—receive analytics for the previous 30 days.
- In period—receive analytics for the custom time period. The time period is set using the calendar that is displayed when this option is selected.
  The upper boundary of the period is not included in the time slice defined by it. In other words, to receive analytics for a 24-hour period, you should configure the period as Day 1, 00:00:00 – Day 2, 00:00:00 instead of Day 1, 00:00:00 – Day 1, 23:59:59.
Show data for previous period—a toggle button that lets you enable the display of data for two periods at the same time, including data for the current period and for the previous one. This can be useful for assessing change dynamics.
Storage—the storage where the search should be performed.
SQL query field—here you can enter a search query that is equivalent to filtering events using SQL syntax.
For Event widgets, you can use the button to open a query builder that is equivalent to the event filter builder parameters:

Description of query builder parameters
- SELECT—use these fields to define the event fields that must be extracted for analytics. The number of available fields depends on the selected widget graph type (see above).
  In the left drop-down list you can select event fields from required for analytics.
  
  The middle field displays what the selected field is used for in the widget: metric or value.
  
  When the Table widget type is selected, the values in the middle fields become available for editing and are displayed as the names of columns. Only ANSII-ASCII characters can be used for values.
  
  In the right drop-down list you can select how the metric type event field values must be processed for the widget:
  - count—select this option to count events. This option is available only for the ID event field.
  - max—select this option to display the maximum event field value from the event selection.
  - min—select this option to display the minimum event field value from the event selection.
  - avg—select this option to display the average event field value from the event selection.
  - sum—select this option to display the sum of event field values from the event selection.
- SOURCE—this drop-down list is used to select the data source type. Only events option is available for selection.
- WHERE—this group of settings is used to create search conditions:
  In the left drop-down list you can select the event field you want to use as a filter.
  
  In the middle drop-down list you can select the required operator. Available operators vary based on the chosen event field's value type.
  
  In the right you can select or enter the value of the event field. Depending on the selected event field value type, you may have to input the value manually, select it in the drop-down list, or select it on the calendar.
  
  You can add search conditions using the Add condition button or delete them using the button with the cross icon.
  
  You can also add group conditions using the Add group button. By default, groups of conditions are added with the AND operator. However, you can switch the operator by clicking the operator name. Available values: AND, OR, NOT. Group conditions are deleted using the Delete group button.
- GROUP BY—this drop-down list is used to select the event fields for grouping events. This parameter is not available for Counter graph type.
- ORDER BY—this drop-down list is used to define how the information from search results is sorted in the widget. This parameter is not available for Date Histogram and Counter graph types.
  In the left drop-down list you can select the value, metric or event field to use for sorting.
  
  In the drop-down list on the right, you can select the sorting order: ASC for ascending or DESC for descending.
  
  For Table-type graphs, you can add sorting conditions by using the Add column button.
- LIMIT—this field is used to set the maximum number of data points for the widget. This parameter is not available for Date Histogram and Counter graph types.
Example of search conditions in the query builder

Search condition parameters for the widget showing average bytes received per host

Aliases must not contain spaces.

The following parameters are available for the Actions tab:

The Y-min and Y-max fields are used to define the scale of the Y-axis. The Decimals field on the left is used to set the rounding parameter for the Y-axis values.
The X-min and X-max fields are used to define the scale of the X-axis. The Decimals field on the right is used to control rounding of the X-axis values.
Negative values can be displayed on chart axes. This is due to the scaling of charts on the widget and can be fixed by setting zero as the minimum chart values instead of Auto.
Line-width and Point size fields are available for Line chart graph type and is used to configure the plot line.

The following parameters are available for the wrench tab:

Name—the field for the name of the widget. Must contain from 1 to 128 Unicode characters.
Description—the field for the widget description. You can add up to 512 Unicode characters describing the widget.
Color—the drop-down list to select the color in which the information is displayed:
- Default—use your browser's default font color.
- green
- red
- blue
- yellow
Horizontal—turn on this toggle switch if you want to use horizontal histogram instead of vertical. This toggle switch is turned off by default.
When this option is enabled, when a widget displays a large amount of data, the horizontal scrolling will not be available and data will be fit into the widget window. If there is a lot of data to display, it is recommended to increase the widget size.
Show legend—turn off this toggle switch if you don't want the widget to display the legend for the widget analytics. This toggle switch is turned on by default.
Show nulls in legend—turn on this toggle switch if you want the legend for the widget analytics to include parameters with zero values. This toggle switch is turned off by default.
Decimals—the field to enter the number of decimals to which the displayed value must be rounded off.
Period segments length (available for Date Histogram graph types)—drop-down list for selecting the duration of the segments into which you want to divide the period.

Article ID: 217867, Last review: Mar 27, 2024

Page top