Event Detection Across Severity Levels

Compare the number of detection events across different severity levels (Critical, High, Medium, Low).

Bar Chart type: Single series.

Sample input data:

| detection_name | host | severity | timestamp |
|---|---|---|---|
| Ransomware Activity | WORKSTATION01 | Critical | 2025-08-11T00:01:23Z |
| Suspicious PowerShell Execution | SERVER02 | High | 2025-08-11T00:01:24Z |
| Unusual Service Creation | WORKSTATION03 | Medium | 2025-08-11T00:01:25Z |
| New User Added | SERVER01 | Low | 2025-08-11T00:01:26Z |
| Credential Dumping | DC01 | Critical | 2025-08-11T00:01:27Z |
| Lateral Movement Attempt | WORKSTATION02 | High | 2025-08-11T00:01:28Z |
| Suspicious Registry Modification | SERVER03 | Medium | 2025-08-11T00:01:29Z |
| Suspicious Process Injection | WORKSTATION04 | High | 2025-08-11T00:01:30Z |
| Failed Login Attempts | SERVER04 | Low | 2025-08-11T00:01:31Z |
| Defense Evasion Attempt | DC02 | Critical | 2025-08-11T00:01:32Z |

Query:

```logscale
severity=*
| groupBy(
    severity,
    function=count(),
    limit=4
  )
| sort(field=severity, order=asc)
```

Query breakdown:

  1. Match all events in the selected time range.

  2. Filter for events that contain the severity field.

  3. Group the events by severity level.

  4. Count how many events are in each severity group.

  5. Sort the results by the severity field in ascending order.

Visualization: X-axis (category) shows the severity level (one bar per category), Y-axis shows the value (event counts) per category.
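To check the bar heights before building the widget, the following Python sketch emulates the query over the sample input data. It is an added example, not part of the LogScale documentation or product. The `Heartbeat` event, the handling of groups beyond `limit` and the `RANK` ordering are assumptions made for illustration, and the sort is assumed to compare severity values as strings.

```python
from collections import Counter

FIELDS = ("detection_name", "host", "severity", "timestamp")
ROWS = [  # the page's sample input data
    ("Ransomware Activity", "WORKSTATION01", "Critical", "2025-08-11T00:01:23Z"),
    ("Suspicious PowerShell Execution", "SERVER02", "High", "2025-08-11T00:01:24Z"),
    ("Unusual Service Creation", "WORKSTATION03", "Medium", "2025-08-11T00:01:25Z"),
    ("New User Added", "SERVER01", "Low", "2025-08-11T00:01:26Z"),
    ("Credential Dumping", "DC01", "Critical", "2025-08-11T00:01:27Z"),
    ("Lateral Movement Attempt", "WORKSTATION02", "High", "2025-08-11T00:01:28Z"),
    ("Suspicious Registry Modification", "SERVER03", "Medium", "2025-08-11T00:01:29Z"),
    ("Suspicious Process Injection", "WORKSTATION04", "High", "2025-08-11T00:01:30Z"),
    ("Failed Login Attempts", "SERVER04", "Low", "2025-08-11T00:01:31Z"),
    ("Defense Evasion Attempt", "DC02", "Critical", "2025-08-11T00:01:32Z"),
]
EVENTS = [dict(zip(FIELDS, r)) for r in ROWS]
# Constructed event (not from the page) with no severity field, to exercise severity=*
EVENTS.append({"detection_name": "Heartbeat", "host": "SERVER05",
               "timestamp": "2025-08-11T00:01:33Z"})

# Assumed display ranking, used only by by_rank(); not part of the page's query
RANK = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

def severity_counts(events, limit=4):
    """Emulate: severity=* | groupBy(severity, function=count(), limit=4)
    | sort(field=severity, order=asc). Returns [(severity, count), ...]."""
    counts = Counter()
    for e in events:
        sev = e.get("severity")
        if not sev:                 # severity=* drops events lacking the field
            continue
        if sev not in counts and len(counts) >= limit:
            continue                # simplification: groups past the limit are ignored
        counts[sev] += 1
    return sorted(counts.items())   # string sort on the severity value

def by_rank(rows):
    """Reorder bars Critical -> Low; unknown labels go last."""
    return sorted(rows, key=lambda r: (RANK.get(r[0], len(RANK)), r[0]))

if __name__ == "__main__":
    for sev, n in severity_counts(EVENTS):
        print(f"{sev:<8} {n}")
```

With a string sort the bars come out in alphabetical order (Critical, High, Low, Medium) rather than in order of severity; `by_rank()` shows the reordering an analyst may expect on a triage dashboard.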

Figure 207. Event Detection Across Severity Levels


Configuration:

  1. From the Search page, type your query in the Query Editor → click Run

  2. Choose Bar Chart in the Widget selector

  3. Click the style icon: the side panel shows most settings already configured by default, based on the query result. You can configure more settings manually, as follows.

  4. Set the size of Title formatting to Large to enlarge the title of both axes

  5. In Category axis:

    • Select Show title to display the title

    • Customize the Title

    • Adjust the Text anchor to Right for better display of the bar labels

    • Rotate the bar labels by adjusting the Angle

  6. In Value axis (left):

    • Select Show title to display the title

    • Customize the Title

  7. Toggle the Legend on, set its position to the right, customize the legend title, and show the legend title.

  8. In Colors and Bars, customize the bar appearance: set the option to show the value on bars, adjust the distance between the bars using Category padding, and choose the preferred color palette.

You can further customize this widget by setting more properties; see Bar Chart Property Reference.