How-To: Selecting Widgets Based on Query Output

Selecting the right widget for your query results depends on the structure and type of data your query produces. This article helps you identify your query output pattern and choose the most effective widget for visualization.

Note

LogScale automatically disables incompatible widgets based on your query structure.

Identifying Your Data Type

Before selecting a widget, examine the structure of your query output.

The following patterns represent the most common data types and their corresponding widget recommendations.

Time-Based Data

What it looks like: Results include a timestamp or time bucket field with aggregated values over time periods.

Example output:

_bucket              | _count
2024-06-01 10:00:00 | 145
2024-06-01 11:00:00 | 203
2024-06-01 12:00:00 | 178
2024-06-01 13:00:00 | 156

Recommended widgets:

Time Chart Widget → Primary choice for showing trends, patterns, and changes over time.
Heat Map Widget → Shows temporal patterns with intensity, ideal for identifying peak activity times.

Use timeChart() or bucket() functions to prepare data for time-based visualizations.

Categorical Data

What it looks like: Results grouped by categories, labels, or discrete field values with counts or aggregations per category.

Example output:

status_code | _count
200         | 1,245
404         | 89
500         | 23
502         | 5

Recommended widgets:

Bar Chart Widget → Best for comparing quantities across categories visually.
Pie Chart Widget → Shows proportional distribution, works best with 5-7 categories or fewer.
Table Widget → Provides exact numbers with sorting and filtering capabilities.

Use groupBy() and top() functions to create categorical breakdowns.

Flow and Relationship Data

What it looks like: Results showing connections between two entities, such as source and destination pairs, or multi-step sequences.

Example output:

source      | destination      | _count
10.0.1.5    | api.example.com  | 45
10.0.1.8    | db.internal      | 123
10.0.2.10   | api.example.com  | 67

Recommended widget:

Sankey Diagram Widget → Visualizes flows and connections between entities, showing the volume of relationships.

Use sankey() function to prepare source-destination data for flow visualization.

Geographic and Location Data

What it looks like: Results containing IP addresses, country codes, city names, or latitude/longitude coordinates.

Example output:

client_ip     | country | city   | _count
203.0.113.1   | Japan   | Tokyo  | 45
198.51.100.5  | UK      | London | 32
192.0.2.100   | USA     | Boston | 28

Recommended widget:

World Map Widget → Displays events on an interactive map, revealing geographic patterns and distributions.

Use ipLocation() and worldMap() functions to enrich IP addresses with geographic coordinates for mapping.

Single Metric or KPI

What it looks like: Query produces a single aggregated numeric value, such as a total count, average, sum, or percentage.

Example output:

_count
1,247

Recommended widgets:

Single Value Widget → Displays the metric prominently for quick status awareness.
Gauge Widget → Shows the value against defined thresholds with color-coded ranges (healthy, warning, critical).

Use aggregation functions like count(), avg(), or sum() to produce single metric values.

Quick Selection Guidelines

Use the following guidelines when converting table results to widgets:

Time-based data and numerical trends → Time Chart Widget.
Categorical data → Bar Chart Widget / Pie Chart Widget.
Comparisons across categories → Bar Chart Widget.
Proportional distributions → Pie Chart Widget.
Relationships (for example, IP address/port combinations) → Sankey Diagram Widget.
Geographic/location data → World Map Widget.
Key metrics → Single Value Widget / Gauge Widget.
Thresholds → Gauge Widget.

Using Multiple Widgets for the Same Data

The same query results can often be visualized in multiple ways to serve different purposes. For example, categorical data can be shown as:

Bar Chart → For visual comparison of quantities.
Pie Chart → For proportional distribution view.
Table → For exact numbers and detailed analysis.
Single Value → For quick total count overview.

For a detailed example showing one query visualized with five different widget types, see How-To: Visualizing the Same Query With Different Widgets.

Additional Resources

For more information about widgets and visualization, see:

Step-by-Step Guide to Dashboards → Step-by-step guide to creating dashboards.
Widgets Gallery → Gallery of all available widget types for inspiration.
Widgets → Complete widget documentation.
Widget Query Functions → Widget-specific query functions.
Dashboards → Dashboard creation and organization.
How-To: Visualizing the Same Query With Different Widgets → Example showing one query with five widget types.

Versions of this Page

Guidance