Bar Widget

This widget is used to show the distribution of the total count of one selected column over its distinct values.

Field	Description
Query	Enter a search query. Enter USE to start an EQL statement or SELECT to start an SQL statement. You can search based on filter and time Bloks as well.
Date & Time	You can enter absolute and relative time ranges. For example, enter -5h as a relative time range to display results that occur in the last 5 hours.
X-axis data	Choose the column name to define the X-axis of the line chart.
X-axis label	Define the label name for the X-axis that is displayed on the chart.
Y-axis data	Choose the column name to define the Y-axis of the line chart.
Y-axis label	Define the label name for the Y-axis that is displayed on the chart.
Categorize by	Define the column name by which the Y-axis data is combined into a series.
Show legends	Select the check box to display legends on the chart.
Show inverted	Select the check box to invert X-axis and Y-axis values.
Auto refresh	Click the slider to ON to refresh the widget. By default, it is set to OFF.
Refresh widget every	If Auto refresh is set to ON, enter a time interval in seconds to refresh the widget. Refresh action starts after the data is completely retrieved and displayed.

Example

For the search query:

use LogLogic_Monitor_Memory | COLUMNS sys_eventTime, (ll_memTotal-ll_memFree) as memUsed, ll_memTotal as memTotal

the X-axis is sys_eventTime, and the Y-axis is memUsed, memTotal.

Related tasks

Adding Widgets to an Advanced Dashboard