nano SIEM
Search Commands

chart

chart

Create aggregated visualizations. Alias for stats optimized for charting.

Description

The chart command is functionally identical to stats but signals that results are intended for visualization. Use chart when creating dashboard panels or visual analytics.

Syntax

... | chart <function>([field]) [as <alias>] [by <field>]

Arguments

Same as stats command.

Examples

Count by category

* | chart count() by severity

Multiple metrics

* | chart count() as events, sum(bytes) as total_bytes by src_ip

Average response time

* | chart avg(response_time) by endpoint

Distribution analysis

* | chart count() by status, method

Usage Notes

Identical to stats: Functionally the same as stats. Use chart for clarity when creating visualizations.

Dashboard hint: Signals to UI that results should be visualized.

All stats features: Supports all aggregation functions and grouping options.

cloud

Previous Page

dedup

Next Page

Edit this page on GitHub
On this page

On this page

chart
Description
Syntax
Arguments
Examples
Count by category
Multiple metrics
Average response time
Distribution analysis
Usage Notes
Related Commands