In the Aggregates tab, in addition to the standard table view, you can view search results as a chart, such as a bar or column chart.
When charting aggregate results from a query, the grouping function defines the plotted values on the one axis, and the grouping operator determines the values on the other axis. For example, group by _sourceHost produces a bar or point for each host. If you are using multiple group-by functions, a separate bar or point represents each set of grouped results.
To chart aggregate results:
- From a search, run an aggregate query.
- From the Aggregates tab, click a graph button on the Aggregates tab.
For this example, you can see a bar chart, but you can pick from any of the available charting options, see Chart Panel Types for details.