Oracle Cloud Infrastructure Documentation

Visualizing Search Results

You can visualize your Logging Search page results, for both Basic and Advanced Mode searches.

To visualize log data as a chart in Basic Search

You can view log data graphically as a chart in Basic Mode search, along with accompanying tabular data.

Select from the following chart settings:

  • Visualization Type: Select from Stacked Bar, Pie, Donut, or Line. The Stacked Bar and Line charts are organized by default in terms of time (UTC) on the X-axis (datetime), and the chosen Group By logging field. You can hover the mouse over the chart data, which both highlights the area of interest, and displays the data in a tool tip. The Legend in all four chart types also provides an orientation to the displayed chart data.
  • X Axis (stacked bar and line charts only): Select a logging field of interest to replace the default Time in UTC X-axis.
  • Interval (only for stacked bar and line charts, and when datetime is the X Axis): Select from 1 minute, 5 minutes, 15 minutes, 30 minutes, or 1 hour.
  • Group By: Select a logging field to group the results by.

For any chart type being viewed, you can click to expand the <number of> records found list below the chart, which lists the total record sum, and the number of records at each time interval.

To visualize log data as a chart in Advanced Search

Searches can also be visualized during Advanced Mode search. When an advanced query is formulated according to a specific syntax format, the Visualize tab is also available in Advanced Mode, allowing you to view stacked bar, pie, donut, and line charts.

To view charts in Advanced Mode, create your queries using the following syntax:

  • Stacked Bar: 
    summarize count() by <user_selected_field1>,<user_selected_field2(optional)>

    This query returns a table with three columns: <user_selected_field1>,<user_selected_field2>, and count. The chart uses <user_selected_field1> as the x-axis, count for the y-axis, and <user_selected_field2> for the stacked bar group by dimension.

  • Pie: 
    select <log_source> | summarize count() by <user_selected_field>

    This query returns a table with two columns: <user_selected_field> and count. The chart uses <user_selected_field> as the legend, and count for the distribution of the pie chart.

  • Donut: 
    summarize count() by <user_selected_field>

    This query returns a table with two columns: <user_selected_field> and count. The chart uses <user_selected_field> as the legend, and count for the distribution of the donut chart.

  • Line: 
    summarize count() by <user_selected_field1>,<user_selected_field2(optional)>

    The query returns a table with three columns: <user_selected_field1>,<user_selected_field2>, and count. The chart uses <user_selected_field1> as the x-axis, count for the y-axis, and <user_selected_field2> for multiple lines group by dimension.