Introduction
It is very significant to determine the types of widgets according to the data to be analyzed and the values to be seen. Logsign offers 24 different types of widgets without any limit to be used. All widget types will be reviewed and subject of "How we can create a new dashboard?" will be explained in this document.
Creating Dashboard
Click the "+New Dashboard". A small window will be appeared called as "New Dashboard".
Dashboard Name will be determined and category will be selected.
Next step is adding widgets to fill in the Control Panel that is created. The widget wizard will come up where you can create the Dashboard.
Click "+ button" and select the widget according to the type of event/events that you will perform visual analysis.
Each widget has its own set of features. Working with a Histogram type template to perform a temporal scatter analysis will be more appropriate for the analysis process that you will achieve.
Title: In terms of definition, you need to specify a name. Here, it's used as the IP Analysis headline.
Index: The part where the data to be shown in our widget is determined from which source. You've two options; Indices and Events.
Events; receive data from the logs collected in Logsign.
incident, should be selected for logs generated by incidents in Logsign.
Query: In addition to the Grouped Column query that shape the widget, you can also write Mini Query or manual queries in the Query section in the direction you need. Use the * character here to handle all the logs. In the Select Query From Report section, you can use the queries used in pre-generated reports.
Time Column: The part that shows what time the data has been got.
Grouped Column: This is the part where the column information to be sorted in the widget to be visualized is determined.
Time Interval: Specifies the period of the historical data presented in the graph.
Order Type: This is where the first column of information to be sorted in the widget for visual analysis will be sorted according to which criterion.
Refresh Time: The part where you know how long it will refresh the widget that you'll build.
Rows Per Page: In the widget that you've created, how many lines of information to display on each page is determined.
Multiple Rows Per Page: The information about how many lines of information to display under each result to be displayed in the widget is determined.
Time Range: The logs collected on Logsign are kept in the system called Index for a certain period. The section on how long the information in the widget is removed from the Index system.
Group Data with Pie Chart
While that widget is in the table when the user analyzes the events in the form of “pie slices”, the findings in front will be seen partly.
Bar Chart
While that widget is in the table when the user analyzes the events in the form of “bar”.
Histogram with Sparkline
As the name implies, it is the type of widget on which you can graphically view the temporal distribution of events occurring.
Bandwidth Widget
You can view MB or GB view of the traffic information that the corporation spends in network traffic of the users with Bandwidth Widget.
Table Widget
When performing a visual analysis of the logs collected in the Logsign, you can see the data columns in a chart format. For this kind of analysis, you need the Table Widget.
Scatter Chart
Logsign allows the user to analyze more efficiently with various graphical forms after the necessary events are filtered out. Scatter Chart widget shows the distribution of the events due to some mathematical calculations. It also allows you to view two different data sets using cartesian coordinates. Data; is indicated by dots on the table, and their location varies vertically and horizontally.
Map Widget
It is a map-like Dashboard showing the distribution of events in your system according to countries.
Nested Group
For this example below, you want to see which incident name belongs to which incidents category. Therefore, you'll use the Nested Group Dashboard, where you want to perform the visual analysis; you can see more than one column of information nested.
Since you want to see the Incident categories in the Grouped Column, show the "Action.Object", the object that triggers incidents, the column on the Second Grouped Column side after showing "Alert.Info". Then we put a star (*) query to use alarm lists as Query information.
Number Ticker & Number Ticker Histogram
The number of logs in any system can be seen with the Number Ticker widget.
Another type of the same widget is the Histogram. It can be used while performing time-based analysis.
Tree Map Widget
The examples are used in the Tree Map widget, where you want to perform visual analysis like tree bark. You can switch to a different shell in each curve, subcategories under the main heading of security and attack.
Please note that: If you click each category in the Tree Map widget, you will be taken to the submenu of the main category. You can see which log data sets are under which category on this page.
Since you want to see the log categories in the Grouped Column, write the Alert.Info query on the Second Grouped Column side after writing Time.Generated. Then write DataType:alert Severity.ID:[0 TO 4] query to use alarm lists as Query information.
If you click on each category, you'll see the subcategories.
System Stats (CPU / Disk)
You can view the CPU and Disk status of the Logsign with System Stats widgets. Select the Disc or CPU options in the View Settings section since you'll show the disc status or CPU Utilization in this example.
EPS Stats
It is the widget where you can get information about the traffic generated by the events happening in the network system and the number of events happening at the moment. In the Select Widget section, when you select the EPS Stats named widget, Logsign will perform the necessary operations and present the final result without having to use any queries. After you have defined a name for the title information, choose what to filter our widget in the View Settings section. Choose Event Per Second option to know the number of events happening at the moment.