Region Map

A Region Map displays the values of a metric aggregation per IP address, grouped according to the bucket aggregation you specify.

Metric Aggregations:

  • Count: The count aggregation returns a raw count of the documents in the selected index pattern.
  • Average: The average aggregation returns the average of a numeric field. Select a field from the drop-down.
  • Sum: The sum aggregation returns the total sum of a numeric field. Select a field from the drop-down.
  • Min: The min aggregation returns the minimum value of a numeric field. Select a field from the drop-down.
  • Max: The max aggregation returns the maximum value of a numeric field. Select a field from the drop-down.
  • Unique Count: The cardinality aggregation returns the number of distinct values of a field. Select a field from the drop-down.

The bucket aggregation determines which information is retrieved from your data set and how it is grouped.

Bucket aggregation:

  1. Terms

A terms aggregation lets you choose how many elements ("Size") of a given field to display, and whether they are ordered ascending or descending, either by metric value or alphabetically.

Click the Options tab to customize latitude, longitude, position of your map chart, and other options.

For example, if you choose the source (log-o365-*) when creating a new visualization, you can build a Region Map that displays the count of O365 logs for the top five client IP addresses, ordered by metric.
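The example below is added here to make the aggregation semantics concrete; it is not code from the original page or from the product it documents. It reproduces, over a handful of constructed log records, what the Region Map computes: a terms bucket on the client IP, one of the metric aggregations above per bucket, ordering by metric or alphabetically, a "Size" cut-off, and the effect of a narrow (log-o365-*) versus a broad (log-*) index pattern on how many documents are scanned. The field names index, client_ip, user and bytes are assumptions for the example, not the product's schema.

```python
from collections import defaultdict

# Constructed sample documents standing in for the logs an index pattern such as
# log-o365-* would match. Field names are assumptions made for this example.
SAMPLE_LOGS = [
    {"index": "log-o365-2024.01.01",     "client_ip": "203.0.113.10", "user": "alice", "bytes": 500},
    {"index": "log-o365-2024.01.01",     "client_ip": "203.0.113.10", "user": "alice", "bytes": 700},
    {"index": "log-o365-2024.01.02",     "client_ip": "203.0.113.10", "user": "bob",   "bytes": 300},
    {"index": "log-o365-2024.01.02",     "client_ip": "198.51.100.7", "user": "carol", "bytes": 100},
    {"index": "log-o365-2024.01.02",     "client_ip": "198.51.100.7", "user": "carol", "bytes": 1100},
    {"index": "log-o365-2024.01.03",     "client_ip": "192.0.2.44",   "user": "dave",  "bytes": 250},
    # Documents from another source: matched by log-* but not by log-o365-*.
    {"index": "log-firewall-2024.01.03", "client_ip": "192.0.2.44",   "user": "dave",  "bytes": 4000},
    {"index": "log-firewall-2024.01.03", "client_ip": "203.0.113.10", "user": "erin",  "bytes": 10},
]


def match_index_pattern(docs, pattern):
    """Keep documents whose index name matches a trailing-wildcard pattern (e.g. 'log-o365-*')."""
    prefix = pattern[:-1] if pattern.endswith("*") else pattern
    return [d for d in docs if d["index"].startswith(prefix)]


# Metric aggregations: each receives the documents of one bucket and the field
# selected in the drop-down (count needs no field and ignores it).
METRICS = {
    "count": lambda docs, field: len(docs),
    "sum": lambda docs, field: sum(d[field] for d in docs),
    "avg": lambda docs, field: sum(d[field] for d in docs) / len(docs),
    "min": lambda docs, field: min(d[field] for d in docs),
    "max": lambda docs, field: max(d[field] for d in docs),
    "unique_count": lambda docs, field: len({d[field] for d in docs}),
}


def terms_aggregation(docs, bucket_field, metric, metric_field=None,
                      size=5, descending=True, order_by="metric"):
    """Terms bucket: group docs by bucket_field, compute the metric per bucket,
    order by metric value or alphabetically by term, and keep the first `size`.
    Returns a list of (term, metric_value) pairs."""
    if metric not in METRICS:
        raise ValueError(f"unknown metric {metric!r}")
    if metric != "count" and metric_field is None:
        raise ValueError(f"metric {metric!r} needs a field")
    buckets = defaultdict(list)
    for d in docs:
        buckets[d[bucket_field]].append(d)
    values = {term: METRICS[metric](group, metric_field) for term, group in buckets.items()}
    if order_by == "metric":
        # Ties on the metric are broken by the term so the ordering is deterministic.
        key = lambda kv: (kv[1], kv[0])
    elif order_by == "alphabetical":
        key = lambda kv: kv[0]
    else:
        raise ValueError("order_by must be 'metric' or 'alphabetical'")
    return sorted(values.items(), key=key, reverse=descending)[:size]


def region_map_data(pattern, metric="count", metric_field=None, size=5,
                    descending=True, order_by="metric"):
    """What the Region Map plots: the per-client-IP metric over the logs the
    index pattern matches, plus how many documents the query had to scan."""
    docs = match_index_pattern(SAMPLE_LOGS, pattern)
    top = terms_aggregation(docs, "client_ip", metric, metric_field, size, descending, order_by)
    return {"scanned": len(docs), "buckets": top}


if __name__ == "__main__":
    # O365 log count for the top five client IPs, ordered by metric (the page's example).
    print(region_map_data("log-o365-*"))
    # The same visualization over log-*: more documents scanned, different counts.
    print(region_map_data("log-*"))
```

The `scanned` figure is the point of the caveat about index patterns: the broad pattern returns the same kind of result but only after touching every matching index, which is where the slower response time comes from.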


You can obtain the same result by choosing the source (log-*) instead. However, the system then has to analyze the whole log set, so the query responds more slowly.