Grouped Plus Histogram Report Type

Grouped Plus Histogram Report type provides the possibility of grouping all the column results according to the query that you type on Search bar with Histogramic Analysis..

Now let's create a Grouped Plus Histogram Report sample. You can follow the steps to create one.

1- First you must prepare the query for the report. In the example as below, you'll create a report including the denied connections. The query should be like the example as below. So, if the query is ready, you can click on the "+ Report"button.


2- If this new page is shown up, you'll select Grouped Plus Histogram Report, and then fill these fields as follows.


Index Type: This tab is predefined as Log. If you want to create the report with index logs , you must set this type as Log. Also you can select Logsign Events to get Logsign web interface events. The column names will be changed according to the index type. The last option is offline. If you select offline, you can create report with reindexed logs from archive.

Time Column: This tab is predefined as Time.Generated column. If you select Time.Generated, your report use this column value as time.

Query: You can input your query in this tab. If you input your query on search section and click "+ create report" button, query will automatically fill as your query on search section.

Report Name: Enter report name.

Report Block: Select report block for report.

Rows Per Page: Determine show to rows per page.

Grouped Column: The Grouped report structure will be configured by this column.

Min Event Count: The minimum event count is the minimum number of logs that is collected at Logsign to be shown on the Logsign Interface. If the event is not accumulated less than certain number that you set, Logsign doesn't show these logs on the Logsign interface. For example, if you want show a web site that accessed more than 10 times, you set this field as 10. So the report will show the web sites that is accessed more than 10 times. Here, you are going to set this as 1 to see all the web site accessed at least once.

Sum Columns: Select column results to be summed.

Sum Column Attributes (Unit and Convert): After the calculation columns are selected, here you can select the calculation unit. You can set this field as MB or GB as you'll convert the sum results of bandwidth usage.

You also need to add a calculation formula for the results. In this example, as you'll collect the data with byte format, you can select this field as /(1024*1024) to convert it to MB. You'll need to select it as /(1024*1024*1024) to convert it to GB.

Value Columns: You can select a column to view the transaction count of this column's results according to the query.

Unique Columns: The selected columns here will show the unique count of these column results according to the query.

Term Columns: You can view more column results according to the query in this field. For example, if you grouped the results by the IP addresses you can also add username column here to see the username info of that IP addresses.

Order By: You can order or sort the results by the columns that you selected above. First you need to select the column type as Term, Count, Unique or Sum and then choose the column name.

Graph Type: Here you have 3 types of graphs. You can select it as Column, Bar, Line or Area.

Filter Columns: Select which columns can use for filter.

Category: Select category for report.

Tags: Select tag for report. This is not a required field.

Compliance: Select compliance for report. This is not a required field.


3- Click Save button to create report.



Was this article helpful?
0 out of 0 found this helpful

Articles in this section

See more
Become a Certified Logsign User/Administrator
Sign-up for Logsign Academy and take the courses to learn about Logsign USO Platform in detail. Enjoy the courses, and get your badges and certificates. In these courses, you'll learn how to use Logsign in your work and add value to your career.
Visit Our Blog
Our Logsign USO Platform illustrate our expertise. So do the blog. Through our blog posts, deepen your knowledge on various SecOps topics or get updated about important news & modern approaches for cybersecurity. Get into the habit of reading valuable information provided by Logsign. Be a step ahead.