It would be useful to have a mechanism to make search histograms sticky or clone/copy histograms into ordinary graphs and then stack several histograms onto a single graph.
Example use case:
Let's say we have a field spam_score in smtp logs and every log message containing the spam_score field represents a single spam message. If we want to see how the number of spam messages changes over time, we can, assuming that scores of 6+ are considered spam, run the query
spam_score:[ 6 TO 999 ]
and use the histogram.
If we want a more detailed analysis - for example, to break down the 6+ range into brackets 6.0 to 6.9, 7.0 to 7.9, 8.0 to 8.9 and so on - we have to do a separate search for each bracket and use a separate histogram for each search. If we could make histograms sticky, copy them into ordinary graphs or create graphs that are equivalent to histograms, we could stack the histograms for each bracket onto a single graph and have a visual breakdown of spam severity over time.
This feature would be useful in every case where the time distribution of diverse events is critical.
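As an added illustration of the breakdown requested above (this is example code written for this page, not part of the log platform being asked about), the following script does offline what the stacked graph would show: it pulls spam_score out of constructed smtp log lines, assigns each scored message to a bracket (6.0 to 6.9, 7.0 to 7.9, 8.0 to 8.9, 9.0+, with anything below the threshold ignored exactly like the spam_score:[ 6 TO 999 ] query), and counts per hourly bucket per bracket. The log line format, field names other than spam_score, the bracket width and the 9.0+ top bracket are all assumptions chosen for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample smtp log lines; the format is an assumption for this example.
SAMPLE_LOGS = [
    "2024-05-01T10:03:12Z smtp[1201]: from=<a@example.test> spam_score=6.4 action=quarantine",
    "2024-05-01T10:17:45Z smtp[1202]: from=<b@example.test> spam_score=7.9 action=quarantine",
    "2024-05-01T10:41:09Z smtp[1203]: from=<c@example.test> spam_score=2.1 action=deliver",
    "2024-05-01T11:05:33Z smtp[1204]: from=<d@example.test> spam_score=8.2 action=reject",
    "2024-05-01T11:22:10Z smtp[1205]: from=<e@example.test> spam_score=6.0 action=quarantine",
    "2024-05-01T11:58:51Z smtp[1206]: from=<f@example.test> spam_score=12.7 action=reject",
    "2024-05-01T12:00:02Z smtp[1207]: from=<g@example.test> message has no score field",
]

# Timestamp is the first token; spam_score may appear anywhere later on the line.
LOG_RE = re.compile(r"^(?P<ts>\S+)\s.*?\bspam_score=(?P<score>-?\d+(?:\.\d+)?)")


def bracket_for(score, threshold=6.0, width=1.0, top=9.0):
    """Map a score to a severity bracket label, or None if below the spam threshold.

    Brackets are [threshold, threshold+width), ... up to `top`, then one open-ended
    bracket `top+` so extreme scores are not silently dropped.
    """
    if score < threshold:
        return None
    if score >= top:
        return f"{top:.1f}+"
    low = threshold + width * int((score - threshold) // width)
    return f"{low:.1f} to {low + width - 0.1:.1f}"


def hour_bucket(ts_text):
    """Truncate an ISO-8601 UTC timestamp to the start of its hour."""
    ts = datetime.strptime(ts_text, "%Y-%m-%dT%H:%M:%SZ")
    return ts.strftime("%Y-%m-%dT%H:00Z")


def stacked_counts(lines):
    """Return {hour_bucket: {bracket: count}} for every line that carries a spam_score.

    Lines without a score, or with a score below the threshold, do not contribute,
    which mirrors the single-range query in the request.
    """
    counts = defaultdict(lambda: defaultdict(int))
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        label = bracket_for(float(m.group("score")))
        if label is None:
            continue
        counts[hour_bucket(m.group("ts"))][label] += 1
    # Convert to plain dicts so the result is easy to assert on and serialise.
    return {bucket: dict(brackets) for bucket, brackets in counts.items()}


def total_spam(counts):
    """Equivalent of the undivided spam_score:[ 6 TO 999 ] histogram: one number per run."""
    return sum(sum(brackets.values()) for brackets in counts.values())


def render_table(counts):
    """Render the stacked histogram as a text table: one row per hour, one column per bracket."""
    labels = sorted({label for brackets in counts.values() for label in brackets})
    header = "bucket".ljust(18) + "".join(label.rjust(12) for label in labels)
    rows = [header]
    for bucket in sorted(counts):
        cells = "".join(str(counts[bucket].get(label, 0)).rjust(12) for label in labels)
        rows.append(bucket.ljust(18) + cells)
    return "\n".join(rows)


if __name__ == "__main__":
    result = stacked_counts(SAMPLE_LOGS)
    print(render_table(result))
    print("total spam messages:", total_spam(result))
```

Each column of the rendered table is one of the per-bracket histograms the request describes, and each row is one time bucket, so the table is the stacked graph in text form; changing `width` or `top` in bracket_for changes the breakdown without re-running a separate search per bracket.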