A Box Plot Chart graphically depicts groups of data using quartiles, which are the values that divide a list of numbers into quarters. In Box Plot charts, the bottom and top of the box represent the first and third quartiles; the band inside the box represents the median.
To create Box Plot Chart Panels, your query must include the:
- Smallest value (sample minimum) using the min or _min field name.
- Lowest quartile (25%) using the _pct_25 field name. You can use both lower or ends with in this part of the query.
- Median quartile (50%) using the _pct_50 field name. You can use both lower or ends with in this part of the query.
- Upper quartile (75%) using the _pct_75 field name.
- Largest value (sample maximum) using the max or _max field name.
For example, this query can be rendered as a Box Plot Chart:
| 5 as a
| 6 as b
| 7 as c
| 8 as d
| 9 as e
| min(a), pct(b,25), pct(c,50), pct(d,75), max(e)
Because this query doesn't meet all the requirements, it cannot be rendered as a Box Plot Chart:
| 5 as a
| 7 as b
| 7 as c
| 7 as d
| avg<(a, b), max (c,d), min(c)
The above query is missing the lower, median, and upper quartile values.
The Sumo Logic App for Amazon VPC Flow Logs uses a query that creates a box plot chart. It is:
| json "message","logStream","logGroup"
| parse field=message "* * * * * * * * * * * * * *" as version,accountID,interfaceID,src_ip,dest_ip,src_port,dest_port,Protocol,Packets,bytes,StartSample,EndSample,Action,status
| timeslice 1m
| min(Packets), pct(Packets,25), pct(Packets,50), pct(Packets,75), max(Packets) by _timeslice
To create a Box Plot Chart:
- Type a supported query in the Search box, making sure to include all of the required field names.
- Once the search results appear, click the Box Plot Chart icon.
- (Optional) Click Add to Dashboard if you'd like to save the chart as a Panel.