Document Number : A01
Revision Number : 01
Issue Date : 31/03/2017
1 Connecting to Cloudlytics
Cloudlytics allows users to query their data and build custom visualizations to gain a deeper understanding of it and extract meaningful insights.
The following sections describe how to create visualizations (graphs) in Cloudlytics.
This is the page you will see when creating a visualization.
Follow these steps to create a visualization:
- Click the + icon to create a new graph or visualization. You will see the following screen.
The Time Range is the window of data on which your query runs. The default Time Range is Last 1 hour, which means the query runs over the data from the last hour, counted back from the current time.
Search for the Stream for which you want to build a visualization.
- Select the Stream. As soon as you select a Stream you will see the following screen.
After selecting the Stream you are offered the On Field option.
On Field lists all the time-related fields in your data.
What does this mean? Consider an example.
For example, suppose your data looks as follows (the event below is taken from a VPC Flow Log):
2 123456789010 eni-abc123de 172.31.9.69 172.31.9.12 49761 3389 6 20 4249 1418530010 1418530070 REJECT OK
In the above event the two values 1418530010 and 1418530070 are the start and end time, in Unix seconds, of the capture window.
When you select your Stream to build your visualization, the above two fields, Start and End, will be displayed in
This tells Cloudlytics which time field the data should be queried against.
In the current example the log contains only a single time field, eventtime.
After selecting the On Field option you are asked to choose the type of graph you want to generate.
Select whichever type suits your needs. Once you select the Chart Type you will see the following screen.
In this example we choose Bar Chart.
- Understanding the fields:
METRIC: Cloudlytics supports metrics such as count, average and sum. Choose the metric you want to apply.
FIELD: the field to which the metric is applied. You are given a list of fields from your log to choose from; which fields are offered depends on the metric you chose.
Example: to compute the average of a numeric field such as bytes, set METRIC to average and FIELD to bytes.
In the current example we use the count metric, which needs no field, because count is applied to whole events rather than to a particular field.
AGGREGATE: Cloudlytics currently supports two types of aggregation, Term and Date Histogram.
Term: if you choose this option you are given the list of fields from your log; choose any of them to aggregate on (one row per distinct value of that field).
Date Histogram: use this when you want to build time-line or line charts to see the trend in your data over time.
FIELD: the field on which the aggregation is applied.
Example of aggregation:
Example of Date Histogram:
With Date Histogram the list contains only the timestamp-related fields.
Interval is the width of the time buckets into which your data is divided.
LABEL: the label you want to give to your metric.
LIMIT: the number of rows you want in the result set.
ORDER BY: the field on which the results are ordered.
ORDER: Ascending or Descending.
- In the current example we count our data, aggregate it by ip and order it by ip in descending order, so the final configuration looks as follows.
- FILTER: Filter lets you add further filtering conditions. Example: add a filter where country name is United States.
- Run the query and you will get the final visualization.
- If your options are incorrect, or no events match the Time Range and filters, you will see the following screen with a “No data found” message.
- Save the visualization with a name and tag.
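The following Python script is an added worked example and is not Cloudlytics code. It performs by hand what the options above do, so you can see exactly which records the On Field, Time Range, METRIC, AGGREGATE (Term and Date Histogram), ORDER BY, LIMIT and FILTER settings operate on. It assumes the VPC Flow Log version-2 field order as documented by AWS; the sample records other than the event quoted in the text are constructed, and the function names and the heuristic used to recognise time fields (integers in a plausible Unix-epoch range) are this example's own.

```python
"""Added worked example: what each visualization option does, executed over
a constructed VPC Flow Log sample. Not Cloudlytics code."""
import ipaddress
from collections import defaultdict

# VPC Flow Log version-2 field order (AWS documentation).
FIELDS = ["version", "account-id", "interface-id", "srcaddr", "dstaddr",
          "srcport", "dstport", "protocol", "packets", "bytes",
          "start", "end", "action", "log-status"]
NUMERIC = {"version", "srcport", "dstport", "protocol", "packets", "bytes", "start", "end"}

# Constructed sample: the event from the text plus four invented records.
SAMPLE = """\
2 123456789010 eni-abc123de 172.31.9.69 172.31.9.12 49761 3389 6 20 4249 1418530010 1418530070 REJECT OK
2 123456789010 eni-abc123de 172.31.9.69 172.31.9.12 49762 3389 6 10 2000 1418530100 1418530160 REJECT OK
2 123456789010 eni-abc123de 172.31.16.21 172.31.9.12 49763 22 6 5 800 1418530700 1418530760 ACCEPT OK
2 123456789010 eni-abc123de 172.31.16.139 172.31.9.12 49764 443 6 30 9000 1418531300 1418531360 ACCEPT OK
2 123456789010 eni-abc123de 172.31.16.21 172.31.9.12 49765 22 6 7 1200 1418531400 1418531460 ACCEPT OK
"""


def parse_flow_log(text):
    """Split each space-separated line into a dict keyed by field name."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FIELDS):
            continue  # skip malformed lines rather than guess at their layout
        records.append({k: int(v) if k in NUMERIC else v for k, v in zip(FIELDS, parts)})
    return records


def time_fields(records):
    """Fields a UI like 'On Field' would offer: integer fields whose every value
    looks like Unix epoch seconds (hypothetical heuristic). Ports, packet and
    byte counts fall outside the range and are excluded."""
    lo, hi = 1_000_000_000, 4_000_000_000  # roughly 2001 .. 2096
    return [f for f in FIELDS if f in NUMERIC and all(lo <= r[f] <= hi for r in records)]


def in_time_range(records, on_field, now, window_seconds):
    """Time Range: keep records whose chosen time field lies in [now - window, now]."""
    return [r for r in records if now - window_seconds <= r[on_field] <= now]


def apply_filter(records, field, value):
    """FILTER: an extra equality condition, e.g. action == 'REJECT'."""
    return [r for r in records if r[field] == value]


def metric(name, records, field=None):
    """METRIC: count needs no field; sum and average need a numeric field."""
    if name == "count":
        return len(records)
    values = [r[field] for r in records]
    if name == "sum":
        return sum(values)
    if name == "average":
        return sum(values) / len(values)
    raise ValueError(f"unsupported metric {name!r}")


def _sort_key(v):
    """Order IP addresses numerically, not as strings (so 172.31.9.x < 172.31.16.x)."""
    try:
        return (0, int(ipaddress.ip_address(v)))
    except ValueError:
        return (1, v)


def term_aggregate(records, agg_field, metric_name="count", metric_field=None,
                   label="count", order_by=None, order="desc", limit=10):
    """AGGREGATE = Term: one row per distinct value of agg_field, at most LIMIT rows,
    ordered either by the metric (order_by is None or the LABEL) or by the term."""
    groups = defaultdict(list)
    for r in records:
        groups[r[agg_field]].append(r)
    rows = [(term, metric(metric_name, recs, metric_field)) for term, recs in groups.items()]
    if order_by in (None, label):
        rows.sort(key=lambda row: row[1], reverse=(order == "desc"))
    else:
        rows.sort(key=lambda row: _sort_key(row[0]), reverse=(order == "desc"))
    return rows[:limit]


def date_histogram(records, on_field, interval_seconds, metric_name="count", metric_field=None):
    """AGGREGATE = Date Histogram: bucket records by the time field into fixed intervals."""
    buckets = defaultdict(list)
    for r in records:
        buckets[r[on_field] - r[on_field] % interval_seconds].append(r)
    return sorted((start, metric(metric_name, recs, metric_field)) for start, recs in buckets.items())


if __name__ == "__main__":
    recs = parse_flow_log(SAMPLE)
    print("On Field choices:", time_fields(recs))
    recent = in_time_range(recs, "start", now=1418531500, window_seconds=3600)
    print("Count by srcaddr, ordered by ip desc:",
          term_aggregate(recent, "srcaddr", order_by="srcaddr", order="desc"))
    print("Bytes per 10-minute bucket:", date_histogram(recent, "start", 600, "sum", "bytes"))
    # Security use of FILTER: which destination ports are being rejected, and how often.
    print("Rejected flows by dstport:", term_aggregate(apply_filter(recent, "action", "REJECT"), "dstport"))
```

Two points the UI hides are visible here: the Time Range is applied to whichever time field you picked under On Field (choosing start versus end moves a flow that straddles the window boundary in or out), and ordering by an IP field sorts numerically in this example, whereas a plain string sort would place 172.31.9.69 after 172.31.16.139.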