Google heat map
This chart displays information on a world map using latitude and longitude coordinates, representing data with different colors. Information can be clustered on the map by an optional additional value.
What data do I need for this widget?
The option to create this map will be disabled unless your query contains at least three columns with numeric values. Furthermore, to show meaningful content on the map you need two columns with values that correspond to longitude and latitude.
Creating a Google heat map
Go to Data Search and open the required table.
Perform the required operations to get the data you want to use in the chart.
- Select Additional tools → Charts → Maps → Google heat map from the query toolbar.
- Click and drag the column headers to the corresponding fields.
This chart requires you to select the following fields:
Required Field
Data Type
Latitude float, integer, duration Longitude float, integer, duration Size/Color float, integer, duration Partitioning (optional) string - The Google heat map is displayed.
Shortcut keys
You can hit the following keys to perform different visualization actions:
| Shortcut keys | Description |
|---|---|
W | Increases the radius of the heat points. |
S | Decreases the radius of the heat points. |
A | Increases the color gradient for temperature representation. This will change the color scale for another with a different base color and number of colors to represent the lowest/coldest and highest/warmest. When you get to the las available gradient, pressing the key will go back to the first. This might be useful when the values are very similar and belong to the same range so they would be represented in the same or very similar color. This way we might be overlooking the differences in the values because of the lack of contrast and changing the gradient could help so that the values would be represented differently. |
L | Applies a logarithmic operation to normalize the data, which will be reflected in the heat areas on the map. This might be useful when some values are too far from the general range so normalization is needed for a more cohesive representation. |
T | Applies an arctangential operation to normalize the data, which will be reflected in the heat areas on the map. This might be useful when some values are too far from the general range so normalization is needed for a more cohesive representation. |
N | Resets configuration to revert the applied operations. |
P | Shows/hides a legend with the element added in the partitioning field. |
F | Shows only visible elements. This acts as a switch that applies the temperature scale only to the elements inside the displayed area or to all of them, even if they cannot be seen. This might be helpful in a specific approach to spot the hottest points per geographical area or in a global approach to maintain the perspective regardless of the zoom applied. |
? | Shows/hides the list of shortcut keys. |
Double-click | Zooms in on the map. |
| Double-right-click | Zooms out on the map. |
Query example
You can create a map using the data of the following query:
from siem.logtrust.web.activity
select ip4(srcHost) as ipHost,
mmlatitude(ipHost) as latitude,
mmlongitude(ipHost) as longitude
group every 5m by longitude, latitude
every 5m
select count() as count