Using the Sankey chart
The Sankey chart is an extremely useful method of investigating filtered data, for example, the data for a specific alert, outlier, report, or threat. Use the Sankey chart to reveal unsuspected relationships or oddities.
About this task
The Sankey chart simplifies answering questions such as:
- Is a specific database getting accessed by DB users with unique IPs?
- Are all the users accessing the database with the same source programs? How many of the users exhibit unusual (exceptional) behavior?
- What is the relationship between client IP, client host name, and DB user in the specific data environment?
The Sankey chart has the following characteristics:
- Presents four dimensions (and their relationships) in one view, giving a more complete and fluid view of the data that otherwise requires multiple charts.
- Provides immediate and fluent focusing and scanning by hovering over different elements (for example, DB users) and viewing all the relevant activity. The widths of the related links update proportionately to the hovered link width, representing the activity flow and quantity.
- Uses line widths to intuitively reflect volumes of activity.
- Reflects, at a glance, the relationships between the selected dimensions.
- Supports the central manager level (all collectors/aggregators within one central manager).
- All fields are configurable.
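
The following added example (not the product's own code) shows how activity records reduce to Sankey links whose widths are session counts, and how the questions above can be answered from the same data. The dimension order, the sample records, and all function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# The four dimensions, left to right (an assumed choice; fields are configurable).
DIMENSIONS = ("client_ip", "client_host", "db_user", "source_program")

# Constructed sample activity records, one tuple per observed session.
RECORDS = [
    ("10.0.0.5", "app01", "svc_orders", "JDBC"),
    ("10.0.0.5", "app01", "svc_orders", "JDBC"),
    ("10.0.0.5", "app01", "svc_orders", "JDBC"),
    ("10.0.0.6", "app02", "svc_billing", "JDBC"),
    ("10.0.0.6", "app02", "svc_billing", "JDBC"),
    ("10.0.0.9", "wks17", "svc_billing", "JDBC"),
    ("10.0.0.9", "wks17", "dba_jo", "sqlplus"),
]

def sankey_links(records):
    """Count sessions between adjacent dimensions; the count is the link width."""
    links = Counter()
    for rec in records:
        for i in range(len(DIMENSIONS) - 1):
            links[(DIMENSIONS[i], rec[i], DIMENSIONS[i + 1], rec[i + 1])] += 1
    return links

def focus(records, dim, value):
    """Links restricted to one element, like hovering over it in the chart."""
    idx = DIMENSIONS.index(dim)
    return sankey_links([r for r in records if r[idx] == value])

def users_by_value(records, dim):
    """Map each value of `dim` to the set of DB users seen with it."""
    idx, user = DIMENSIONS.index(dim), DIMENSIONS.index("db_user")
    users = defaultdict(set)
    for rec in records:
        users[rec[idx]].add(rec[user])
    return users

def shared_values(records, dim):
    """Values of `dim` used by more than one DB user (for example, a shared IP)."""
    return {v: u for v, u in users_by_value(records, dim).items() if len(u) > 1}

def exceptional_users(records, dim):
    """DB users holding a value of `dim` that no other DB user has."""
    lone = [u for u in users_by_value(records, dim).values() if len(u) == 1]
    return sorted(set().union(*lone))

if __name__ == "__main__":
    for link, width in sorted(sankey_links(RECORDS).items()):
        print(width, link)
    print(shared_values(RECORDS, "client_ip"))
    print(exceptional_users(RECORDS, "source_program"))
```

In this sample, the one client IP shared by two DB users and the one DB user with a source program nobody else uses are the thin, isolated links that stand out in the chart.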