Analytical dashboards focus on gaining insights from a volume of data collected over time – often the past month or quarter – and use this to understand what happened, why, and what changes should be made in the future. By analyzing logs, IT security staff can catch suspicious symptoms and plan security measures.
Analytical Dashboard - Building Stacked Histogram Chart
Data that is arranged in columns or rows on a worksheet can be plotted in a Stacked Histogram Chart. Stacked Histogram Charts are useful for showing data changes over a period of time or for illustrating comparisons among items.
Consider using a Stacked Histogram Chart when:
- You have one or more data series that you want to plot.
- You want to compare the data for numerous categories side by side.
You can use a Stacked Histogram Chart type when you have categories that represent:
- Ranges of values (for example, item counts).
- Specific scale arrangements (for example, a Severity scale with Info, Notice, Error, Alert, Critical).
- IP addresses that are not in any specific order (for example, Source.IP, Destination.IP, or EventSource.IP).
So, let's build a Stacked Histogram Chart sample.
1. Go to Dashboard > Add Widget and select the Stacked Histogram Chart icon.
2. Click "Next" and provide the required information. The panel fields are described below. Basically, a Stacked Histogram Chart consists of properties and their count values, so selecting a proper Grouped Column is key to presenting your dashboard graph.
- Title: The title presents the customized dashboard name.
- Information Source: The source from which the information is forwarded. Logsign has 4 sources: Reports, Alerts, Captive Portal, and Logsign Event. Reports is the source that sends information of the reports class in Logsign. Alerts is the source related to the alert class. Captive Portal is the source of the hotspot class. Logsign Event is the source of the Logsign web interface events.
- Time Column: This is already specified as Time Generated. It is one of the time attributes by which logs are shown on the dashboard.
- Grouped Column: The reference value by which the series of information on a dashboard is indexed.
- Grouped Column Order Type: The way the grouped column is ordered in the chart presentation.
- Refresh Time: The interval, in seconds or minutes, at which a displayed dashboard updates its information.
- Query: By querying on conditions, you can narrow the results down to what you want.
- Rows Per Page: The rows that will be displayed in a dashboard.
- Index Time: The time span from when the dashboard receives new data to when the data is written to the dashboard.
3. Click "Next" and set the panel size.
Now you can see the dashboard that you have created in the custom container.