Daily Detection Counts with Detection Severity Average

Display daily detection counts as bars with a line showing the 7-day moving average of detection severity.

Bar Chart type: Line Overlay chart.

Sample input data. Here is example input data for this scenario:

{"timestamp": "2025-08-11T00:01:23Z", "detection_id": "det1", "severity_score": 8, "type": "malware"}
{"timestamp": "2025-08-11T00:01:24Z", "detection_id": "det2", "severity_score": 5, "type": "suspicious"}
{"timestamp": "2025-08-11T00:01:25Z", "detection_id": "det3", "severity_score": 9, "type": "ransomware"}
{"timestamp": "2025-08-11T00:01:26Z", "detection_id": "det4", "severity_score": 6, "type": "suspicious"}
{"timestamp": "2025-08-11T00:01:27Z", "detection_id": "det5", "severity_score": 7, "type": "malware"}

Query. To create this bar chart, use the following query:

logscale

timeChart(
    interval=1d,
    function=[
        count() as daily_count,
        avg(severity_score) as avg_severity
    ]
)

This query performs the following operations:

Creates a time-based visualization
Sets a time interval of 1 day (daily)
Counts events per day by naming the field daily_count and showing volume of events
Calculates average severity score per day by naming the field avg_severity and showing trend in event severity

The chart is useful for showing both volume and severity trends.

Data Analysis Overview

LogScale Web Interface

Manage Repositories and Views

Manage Account

Parse Data

Search Data

Write Queries

Query Language Syntax

Query Joins and Lookups

Query Functions

Data Visualization

Dashboards

Widgets

Automation

Template Language

Keyboard Shortcuts

Daily Detection Counts with Detection Severity Average

Other articles on this topic

Similar Content

Training

Enter search term