Threat Type Distribution

Visualize threat types (Malware, Ransomware, Phishing) distribution within each time period.

Bar Chart type: multiple series, stacked bars.

Sample input data. Here is example input data for this scenario: 

{"timestamp": "2025-08-11T00:01:23Z", "threat_type": "Malware", "host": "host1", "severity": "High"}
{"timestamp": "2025-08-11T00:01:24Z", "threat_type": "Ransomware", "host": "host2", "severity": "Critical"}
{"timestamp": "2025-08-11T00:01:25Z", "threat_type": "Phishing", "host": "host3", "severity": "Medium"}
{"timestamp": "2025-08-11T00:01:26Z", "threat_type": "Malware", "host": "host4", "severity": "High"}
{"timestamp": "2025-08-11T00:01:27Z", "threat_type": "Ransomware", "host": "host5", "severity": "Critical"}

Query. The query for outputting a Bar chart might look like this:

logscale
timeChart(
 interval=1d,
 function=count(),
 series=threat_type
 )

This query performs the following operations:

  1. Creates a time-based visualization

  2. Sets a time interval of 1 day (daily)

  3. Counts events in each time bucket

  4. Separates data into different series by threat type

The chart is useful for seeing how the different threats evolve over time, for tracking thread volumes and visualize different threat types comparison.