Skip to main content
Sumo Logic

Box Plot Charts

A Box Plot Chart graphically depicts groups of data using quartiles, which are the values that divide a list of numbers into quarters. In Box Plot charts, the bottom and top of the box represent the first and third quartiles; the band inside the box represents the median.

To create Box Plot Chart Panels, your query must include the:

  • Smallest value (sample minimum) using the min or _min field name.
  • Lowest quartile (25%) using the _pct_25 field name. You can use both lower or ends with in this part of the query.
  • Median quartile (50%) using the _pct_50 field name. You can use both lower or ends with in this part of the query.
  • Upper quartile (75%) using the _pct_75 field name.
  • Largest value (sample maximum) using the max or _max field name.

For example, this query can be rendered as a Box Plot Chart:

error
| 5 as a
| 6 as b
| 7 as c
| 8 as d
| 9 as e
| min(a), pct(b,25), pct(c,50), pct(d,75), max(e)

Because this query doesn't meet all the requirements, it cannot be rendered as a Box Plot Chart:

error
| 5 as a
| 7 as b
| 7 as c
| 7 as d
| avg<(a, b), max (c,d), min(c)

The above query is missing the lower, median, and upper quartile values.

The Sumo Logic App for Amazon VPC Flow Logs uses a query that creates a box plot chart. It is:

_sourceCategory=vpc  
| json "message","logStream","logGroup"
| parse field=message "* * * * * * * * * * * * * *" as version,accountID,interfaceID,src_ip,dest_ip,src_port,dest_port,Protocol,Packets,bytes,StartSample,EndSample,Action,status
| timeslice 1m
| min(Packets), pct(Packets,25), pct(Packets,50), pct(Packets,75), max(Packets) by _timeslice

To create a Box Plot Chart:

  1. Type a supported query in the Search box, making sure to include all of the required field names.
  2. Once the search results appear, click the Box Plot Chart icon.


     
  3. (Optional) Click Add to Dashboard if you'd like to save the chart as a Panel.