The graph diagram is a theoretical representation of at least two columns of a data table and the connections between their distinct values, represented as nodes. The data nodes can be servers, accounts, persons, events, locations, or other categories. The links between nodes reflect how they are associated with each other, which is very useful for analyzing connections and weighting relationships.
Here are some use cases for which the graph diagram can be particularly useful:
- Social network analysis, clustering, or influence detection.
- Detection and analysis of fraud or attack.
- Graph-based searches.
- Inventory and management of IT network resources, mapping quality of service, or analysis of root cause.
- Master data management, ownership, or hierarchical organization.
This video takes you through the tutorial for creating a graph diagram from firewall log data in order to visualize and analyze access to dangerous sites from within your company's intranet.
This is the query used in the tutorial video. You can go to Data Search → Free Text Query and paste it.
```
from demo.ecommerce.data
where isnotnull(clientIpAddress)
  and reputationscore(clientIpAddress) > 1
select split(referralUri, "/", 2) as domain
select ifthenelse(statusCode >= 400, "ERROR", "OK") as status
group by domain, clientIpAddress, method, status
select decode(domain,
  "www.logcasts.com", latlon(40.4165, -3.70256),
  "www.google.com", latlon(40.6643, -73.9385),
  "www.yahoo.com", latlon(-22.90642, -43.18223),
  "www.bing.com", latlon(-33.86785, 151.20732),
  "www.logtrust.com", latlon(52.52437, 13.41053)) as positionDomain
select mmcoordinates(clientIpAddress) as clientPosition
select int(avg(timeTaken)) as timeTakenAvg
```
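To make the node-and-link model concrete, the following added example (not part of the original page or the product's own code) collapses grouped rows into weighted edges between the distinct values of two columns, then derives per-node degree and the destinations shared by several clients. The sample rows, the per-row hit count column, and all function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample rows shaped like the grouped query output:
# (domain, clientIpAddress, method, status, hits). The hits column is an
# assumption (as if a count were selected); IPs are documentation ranges.
ROWS = [
    ("www.logcasts.com", "203.0.113.7",  "GET",  "OK",    12),
    ("www.logcasts.com", "203.0.113.7",  "POST", "ERROR",  3),
    ("www.logcasts.com", "198.51.100.4", "GET",  "OK",     5),
    ("www.google.com",   "203.0.113.7",  "GET",  "OK",     8),
    ("www.bing.com",     "192.0.2.55",   "GET",  "ERROR",  2),
    ("www.bing.com",     "198.51.100.4", "GET",  "OK",     1),
]

def build_graph(rows, src_col=1, dst_col=0, weight_col=4):
    """Collapse table rows into weighted edges between distinct column values."""
    edges = defaultdict(int)
    for row in rows:
        # Rows that differ only in method/status merge into one link.
        edges[(row[src_col], row[dst_col])] += row[weight_col]
    return dict(edges)

def node_stats(edges):
    """Per node: degree (number of links) and strength (summed link weight)."""
    stats = defaultdict(lambda: {"degree": 0, "strength": 0})
    for (src, dst), weight in edges.items():
        for node in (src, dst):
            stats[node]["degree"] += 1
            stats[node]["strength"] += weight
    return dict(stats)

def shared_destinations(edges, min_clients=2):
    """Destination nodes reached by at least min_clients distinct sources."""
    fan_in = defaultdict(set)
    for src, dst in edges:
        fan_in[dst].add(src)
    return {d: sorted(s) for d, s in fan_in.items() if len(s) >= min_clients}

if __name__ == "__main__":
    graph = build_graph(ROWS)
    for (src, dst), weight in sorted(graph.items()):
        print(f"{src} -> {dst}  weight={weight}")
    print(shared_destinations(graph))
```
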