Skip to main content
Sumo Logic

Box Plot Charts

A Box Plot Chart graphically depicts groups of data using quartiles, which are the values that divide a list of numbers into quarters. In Box Plot charts, the bottom and top of the box represent the first and third quartiles; the band inside the box represents the median.

To create Box Plot Chart panels, your query must include the:

  • Smallest value (sample minimum) using the min or _min field name.
  • Lowest quartile (25%) using the _pct_25 field name. You can use both lower or ends with in this part of the query.
  • Median quartile (50%) using the _pct_50 field name. You can use both lower or ends with in this part of the query.
  • Upper quartile (75%) using the _pct_75 field name.
  • Largest value (sample maximum) using the max or _max field name.

For example, this query can be rendered as a Box Plot Chart:

error
| 5 as a
| 6 as b
| 7 as c
| 8 as d
| 9 as e
| min(a), pct(b,25), pct(c,50), pct(d,75), max(e)

Because this query doesn't meet all the requirements, it cannot be rendered as a Box Plot Chart:

error
| 5 as a
| 7 as b
| 7 as c
| 7 as d
| avg<(a, b), max (c,d), min(c)

The above query is missing the lower, median, and upper quartile values.

The Sumo Logic App for Amazon VPC Flow Logs uses a query that creates a box plot chart. It is:

_sourceCategory=vpc  
| json "message","logStream","logGroup"
| parse field=message "* * * * * * * * * * * * * *" as version,accountID,interfaceID,src_ip,dest_ip,src_port,dest_port,Protocol,Packets,bytes,StartSample,EndSample,Action,status
| timeslice 1m
| min(Packets), pct(Packets,25), pct(Packets,50), pct(Packets,75), max(Packets) by _timeslice

To create a Box Plot chart

  1. Type a supported query in the Search box, making sure to include all of the required field names.
  2. Once the search results appear, click the Box Plot Chart icon.

    Charts - box plot
     
  3. (Optional) Click Add to Dashboard if you'd like to save the chart as a panel.