Line Widget

This widget is used to show the distribution of the total count of one selected column over its distinct values.

Field	Description
Query	Enter a search query. Enter USE to start an EQL statement or SELECT to start an SQL statement. You can search based on filter and time Bloks as well.
Date & Time	You can enter absolute and relative time ranges. For example, enter -5h as a relative time range to display results that occur in the last 5 hours.
X-axis data	Choose the column name to define the X-axis of the line chart.
X-axis label	Define the label name for the X-axis that is displayed on the chart.
Y-axis data	Choose the column name to define the Y-axis of the line chart.
Y-axis label	Define the label name for the Y-axis that is displayed on the chart.
Categorize by	Define the column name by which the Y-axis data is combined into a series.
Auto refresh	Click the slider to ON to refresh the widget. By default, it is set to OFF.
Refresh widget every	If Auto refresh is set to ON, enter a time interval in seconds to refresh the widget. Refresh action starts after the data is completely retrieved and displayed.

Example

For the search query:

use LogLogic_Monitor_Memory | COLUMNS sys_eventTime, (ll_memTotal-ll_memFree) as memUsed, ll_memTotal as memTotal

the X-axis is sys_eventTime, and the Y-axis is memUsed, memTotal.

Related tasks

Adding Widgets to an Advanced Dashboard