DocumentationChaosSearch Blog
StatusHome Page

Histogram Display and Time Settings

Learn about the Discover histogram display and how to manage time ranges for searches.

Suggest Edits

At the top of the search results page is a histogram of the results over the query time range. The histogram is displayed when the Refinery view has a defined timestamp field (selected when the view was created).

Some views for indexed data might not have timestamps—those are typically dimension tables with fields that contain supporting information but not time-based events. Queries against views that do not have a timestamp do not show the histogram, nor the time range selector since it is meaningless for those search results. As an example, region-view does not have any timestamp details – it is a dimension view. If you query that view, the histogram and time ranges do not appear.

Setting Time Ranges

The default time range for a search is the last 15 minutes. It is very easy to change and adjust the time ranges using the Search Analytics controls to select other ranges that better suit the index data or the type of investigation that you are performing.

For example, you can click the calendar icon next to the time range value to see a pop-up window with some easy-to-select options including an adjustment for the last number of minutes, or for selecting from commonly used values, or by selecting from the range values used in recent searches:. There is also a Refresh option to update the data on a scheduled time frame, which can be helpful for live object groups and the continuously new data that they receive. (Refresh is not very useful for searches on static indexes, because static index data is not changing over time like a live index object group.)

You can click the starting or ending time range to display another set of time options to set the start or end time value using a calendar widget or a relative interval widget, or to set a time to "now" using a quick click.

Alternatively, the histogram shows a window of data over the current time period. Click and drag inside of the histogram to zoom to a more specific duration of time. The time picker updates for the selected range, and the histogram updates to show the new data points.

1344

Updated 5 months ago