Visualizing the average magnitude of an event on a geographic chart
In this example, you set the source and destination IP addresses, edit the colors that display on the scatter geo chart, and set the chart to auto rotate in the dashboard.
Before you begin
Procedure
- Click Configure dashboard.
  The Configure dashboard screen displays a library of available widgets, with details about each widget.
- Click Create new widget.
- On the New Dashboard Item page, enter Magnitude of events as the name and provide a description.
- Select AQL as the data source, set the Refresh Time to every 5 minutes, and enter the following AQL query in the AQL Statement field:
SELECT sourceip as 'Source IP', destinationip as 'Destination IP', AVG(magnitude) as 'Average Magnitude', count(*) as 'Number of Events', GEO::LOOKUP(destinationip, 'geo_json') as destinationGeo, GEO::LOOKUP(sourceip, 'geo_json') as 'sourceGeo' from events group by 'Source IP'
- Set the Results Limit to 1000, and click Run Query.
- Configure the chart display. In the Views section of the page, enter Magnitude of events as the View Name and select Geographic Chart as the chart type.
- On the General tab, select sourceGeo in the Geographic Data field, and click the More options icon.
  - Leave the Axis Label as sourceGeo.
  - Select sourceGeo as the Hover Text.
  - Pick a round symbol, green color, and size 5 for the data point.
  - Click the More options icon to minimize the selected row.
Figure 1. Settings for sourceGeo data
- Click Add Series, select destinationGeo, and repeat step 7. In step 7c, change the values to a diamond symbol, pink color, and size 8 for the data point.
Figure 2. Settings for destinationGeo data
- Select Globe (Orthographic) for the Projection.
- Set Show Legend to Yes, and pick the Vertical legend orientation.
- On the Thresholds tab, click Add Threshold Indicator. You can apply thresholds only if the AQL query contains numeric columns, such as Average Magnitude, Number of Events and count(*).
  - Select a threshold indicator, and click the More options icon.
  - Select a column, add a threshold value, and then click Add Threshold.
  - Change the option or use the default options. Add as many threshold values as you need.
  - Optional: For the Point Color threshold, select a color scale mode to display on the dashboard item. The color scale mode displays under the legend on the dashboard item.
- On the Map tab, enable all of the options except for Display Grid.
- Pick colors for the lines, land, water, and borders of the map. Choose whether to display the map grid.
- Under Viewport, configure the latitude, longitude, and scale for how the map displays in the dashboard item. When you're happy with the preview display, click Set latitude, longitude, and scale as seen in the preview.
- Click Save.
Figure 3. Geographic chart that shows the magnitude of events
- Optional: Click the Settings icon on the dashboard item, and toggle the Autorotate Globe switch.