Kaspersky Next XDR Expert

Widget settings

This section describes the settings of all widgets available in KUMA.

In this section

"Events" widget

"Active lists" widget

"Context tables" widget

"Assets" customized widget

Other widgets

[Topic 254289]

"Events" widget


You can use the Events widget to get analytics based on SQL queries.

When creating this widget, you must specify the settings described in the tables below.

Tab Selectors

The following table lists the settings on the Selectors tab.

Description of parameters

Setting

Description

Graph

Graph type. The following graph types are available:

  • Pie chart.
  • Bar chart.
  • Counter.
  • Line chart.
  • Table.
  • Date Histogram.
  • Stacked bar chart.

Format

Data display format: Absolute values or Relative values, %. The setting is available for a Stacked bar chart.

If you select the Absolute values format, the heights of the bars correspond to the sum of the values of the measured indicator. If you select the Relative values, % format, all bars have the same height of 100%, and the relative heights of colored zones on the bars correspond to the ratios of indicator values.

By default, Absolute values is selected.

Tenant

The tenant for which data is displayed in the widget. You can select multiple tenants. By default, data is displayed for tenants selected in layout settings.

Time period

Period for which data is displayed in the widget. The default is As layout, meaning that data is displayed for the period selected for the layout.

You can also specify a period for the widget in one of the following ways:

  • Select the exact start and end date and time of the period in the calendar and click Apply.
  • Select a period relative to the present time in the Relative period list.
  • Specify a value manually: select an exact date and time or a relative period, or a combination of both.

For details, see the Configuring a period subsection below.

Show data for previous period

Enable the display of data for two periods at the same time: for the current period and for the previous period.

When using a Stacked bar chart, the Show data for previous period setting is taken into account if the query contains standard aliases: value, category, metric. However, if the query uses a custom metric calculation with non-standard aliases instead of the standard metric, the Show data for previous period setting is not taken into account.

Storage

Storage that is searched for events. The list displays the available spaces. You can select only one storage, but you can select one or more spaces. The values in the Storage field are independent of the selected tenants in the Tenant field. The field displays storages and spaces, like in the Events section.

When a new space is created in the storage, this new space is not selected by default in the widget settings. You must manually select the new space.

If the user has access to all spaces listed in the widget, the widget can display the event information for tenants specified in the space set in the user's permissions.

If the user does not have access rights to one or more spaces of the storage, the widget cannot display information; the user cannot edit the widget, but can duplicate the widget using the Duplicate button. Duplication does not depend on access rights to spaces. If a template is duplicated in widgets that have spaces specified that are not accessible to the user, the value in the Storage field is reset. Such widgets display an error: Access denied (Operation returns no results because of allowed and selected event spaces). To save the template, you need to specify spaces in widgets.

In widgets that have spaces that are accessible to the user, the value of the Storage field is not reset and is saved when the template is duplicated.

When the user downloads the template, the data of inaccessible files are hidden in the downloaded file.

If the user's email address is included in the list of recipients of the scheduled report, the user gets the full version of the report, regardless of which spaces are accessible.

SQL query field (icon_search_events)

Query for filtering and searching for events manually. You can create a query in Builder by clicking icon_search_events.

For detailed information on creating an SQL query in the query constructor, see below.

The following limitations apply:

  • The metric and value aliases in SQL queries cannot be edited for any type of event analytics widget, except tables.
  • Aliases in widgets of the Table type can contain Latin and Cyrillic characters, as well as spaces. When using spaces or Cyrillic, the alias must be enclosed in quotation marks: "An alias with a space", `Another alias`.
  • ARRAY JOIN SQL queries are not supported.
  • When displaying data for the previous period, sorting by the count(ID) parameter may not work correctly. We recommend sorting by the metric parameter. For example, SELECT count(ID) AS "metric", Name AS "value" FROM `events` GROUP BY Name ORDER BY metric ASC LIMIT 250.
  • In widgets of the Counter type, you must specify the method of data processing for the values of the SELECT function: count, max, min, avg, sum.

Configuring a period

To configure the data display period, do one of the following:

  • If necessary, change the date and time in the Time period setting in one of the following ways:
    • If you want to specify an exact date, in the calendar on the left, select the start and end date of the period and click Apply.

      You can select a date up to and including the current date. The date and time format depends on your browser settings. If the Date from or Date to field has a value and you have not edited the time value manually, when you select a date in the calendar, the Date from field is automatically populated with 00:00:00.000, and the Date to field with 23:59:59.999. If you have manually deleted the value in the Date from or Date to field, when you select a date in the calendar, the field is automatically populated with the current time. After you select a value in one of the fields, the focus switches to the other field. If your Date to is earlier than your Date from, this earlier value is automatically inserted into the Date from field.

    • If you want to specify a relative period, select one of the available periods in the Relative period list on the right.

      The period is calculated relative to the current time.

    • If you want to specify a custom period, edit the value of the Date from and Date to fields.

      You can enter an exact date and time in the DD.MM.YYYY HH:mm:ss.SSS format for the Russian localization and YYYY-MM-DD HH:mm:ss.SSS for the English localization or a period relative to the current time as a formula. You can also combine these methods if necessary. If you do not specify milliseconds when entering the exact date, 000 is substituted automatically. If you have edited the time in the Date from or Date to fields, picking a date in the calendar does not change the time component.

      In the relative period formulas, you can use the now parameter for the current date and time and the interval parameterization language: + (only in the Date to field), -, / (rounding to the nearest), as well as time units: y (year), M (month), w (week), d (day), h (hour), m (minute), s (second). For example, you can specify the period now-5d to get data for the last five days, or now/w to get data from the beginning of the first day of the current week (00:00:00.000 UTC) to the current time (now).

      The Date from field is required, and its value cannot exceed the value of the Date to field, and also cannot be earlier than 1970-01-01 (if specifying an exact date or a relative period). The Date to cannot be earlier than the Date from. If you do not specify a value in the Date from field, now is specified automatically.

    KUMA stores time values in UTC, but in the user interface time is converted to the time zone of your browser. This is relevant to the relative periods: Today, Yesterday, This week, and This month. For example, if the time zone in your browser is UTC+3, and you select Today as the data display period, data will be displayed for the period from 03:00:00.000 until now, not from 00:00:00.000 until now.

    If you want to take your time zone into account when selecting a relative data display period, such as Today, Yesterday, This week, or This month, you need to manually add a time offset in the Date from and Date to fields (if a value other than now is specified) by adding or subtracting the correct number of hours. For example, if your browser's time zone is UTC+3 and you want to display data for Yesterday, you need to change Date from to now-1d/d-3h and Date to to now/d-3h. If you want to display data for the Today period, you only need to change the value in the Date from field to now/d-3h.

    If you need results up to 23:59:59.999 UTC of yesterday, you can use an SQL query with a filter by Timestamp or specify an exact date and time.

    The bounds of the period are inclusive: for example, for the Today time range, events are displayed from the beginning (00:00:00.000 UTC) of the current day to the current time (now) inclusive, and for the Yesterday period, events are displayed from the beginning (00:00:00.000 UTC) of the previous day to 00:00:00.000 UTC of the current day. You can view the date and time of the last data update and the exact period for which the data is displayed by hovering over the period icon in the widget.

    If the Show data for previous period setting is enabled for the widget, and the widget is displaying data for a relative period, the tooltip also displays the previous period. The previous period is calculated relative to the current period as start and end values of the current period minus the duration of the current period. For example, if data is updated daily and displayed for a month, but only the first 10 days of the month have passed, the previous period is taken to be the last 10 days of the previous month.

  • If you want the widget to display data for the period selected for the layout, click the Reset button. Changing the displayed period on the layout also changes the period displayed in the widget.
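
The relative period formulas and the previous-period rule described above can be modelled offline to check which UTC range an offset such as now-1d/d-3h selects before it goes into a widget. This is an added example, not KUMA code: the function names are hypothetical, and it assumes that / truncates to the start of the unit in UTC (as the now/d and now/w examples above imply), that operators apply left to right, and that the week starts on Monday.

```python
import calendar
import re
from datetime import datetime, timedelta, timezone

# Time units listed on the page: y, M, w, d, h, m, s.
FIXED_UNITS = {"w": "weeks", "d": "days", "h": "hours", "m": "minutes", "s": "seconds"}
TOKEN = re.compile(r"([+-])(\d+)([yMwdhms])|/([yMwdhms])")
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def shift_months(ts, months):
    """Calendar-aware month shift that clamps the day to the target month."""
    year, month0 = divmod(ts.year * 12 + ts.month - 1 + months, 12)
    last_day = calendar.monthrange(year, month0 + 1)[1]
    return ts.replace(year=year, month=month0 + 1, day=min(ts.day, last_day))


def floor_to(ts, unit):
    """Truncate to the start of the unit in UTC (assumed meaning of '/')."""
    if unit == "s":
        return ts.replace(microsecond=0)
    if unit == "m":
        return ts.replace(second=0, microsecond=0)
    if unit == "h":
        return ts.replace(minute=0, second=0, microsecond=0)
    day = ts.replace(hour=0, minute=0, second=0, microsecond=0)
    if unit == "d":
        return day
    if unit == "w":
        return day - timedelta(days=day.weekday())  # assumption: Monday start
    if unit == "M":
        return day.replace(day=1)
    return day.replace(month=1, day=1)  # unit == "y"


def resolve(formula, now, field="from"):
    """Resolve a formula such as 'now-1d/d-3h' to a UTC datetime.

    `now` must be timezone-aware; `field` is "from" or "to".
    """
    formula = formula.replace(" ", "")
    if not formula.startswith("now"):
        raise ValueError("a relative formula must start with 'now'")
    ts, pos = now.astimezone(timezone.utc), len("now")
    while pos < len(formula):
        match = TOKEN.match(formula, pos)
        if match is None:
            raise ValueError(f"unexpected text in formula: {formula[pos:]!r}")
        sign, amount, unit, round_unit = match.groups()
        if round_unit:
            ts = floor_to(ts, round_unit)
        else:
            if sign == "+" and field != "to":
                raise ValueError("'+' is only allowed in the Date to field")
            n = int(amount) if sign == "+" else -int(amount)
            if unit == "y":
                ts = shift_months(ts, 12 * n)
            elif unit == "M":
                ts = shift_months(ts, n)
            else:
                ts += timedelta(**{FIXED_UNITS[unit]: n})
        pos = match.end()
    return ts


def period(date_from, date_to, now):
    """Resolve both bounds and apply the range checks stated on the page."""
    start = resolve(date_from, now, "from")
    end = resolve(date_to, now, "to")
    if start < EPOCH:
        raise ValueError("Date from cannot be earlier than 1970-01-01")
    if end < start:
        raise ValueError("Date to cannot be earlier than Date from")
    return start, end


def previous_period(start, end):
    """Previous period: both bounds minus the duration of the current period."""
    length = end - start
    return start - length, end - length


if __name__ == "__main__":
    # Constructed sample clock: Wednesday 2024-05-15 10:30:00 UTC.
    now = datetime(2024, 5, 15, 10, 30, tzinfo=timezone.utc)
    # "Yesterday" for a browser in UTC+3, using the offsets from the text.
    start, end = period("now-1d/d-3h", "now/d-3h", now)
    print("Yesterday (UTC+3):", start.isoformat(), "->", end.isoformat())
    print("Previous period:  ", *(t.isoformat() for t in previous_period(start, end)))
```

Printing the resolved bounds in UTC next to the browser's offset shows whether a dashboard that is meant to cover a local calendar day actually starts and ends where expected.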

How to create a query in Builder

To create a query in Builder:

  1. Specify the values of the following parameters:
    1. SELECT—event fields that should be returned. The number of available fields depends on the selected graph type.
      • In the drop-down list on the left, select the event fields for which you want to display data in the widget.
      • The middle field displays what the selected field is used for in the widget: metric or value.

        If you selected the Table graph type, in the middle fields, you must specify column names using ANSI-ASCII characters.

      • In the drop-down list on the right, you can select an operation to be performed on the data:
        • count—event count. This operation is available only for the ID event field. Used by default for line charts, pie charts, bar charts, and counters. This is the only option for date histogram.
        • max is the maximum value of the event field from the event selection.
        • min is the minimum value of the event field from the event selection.
        • avg is the average value of the event field from the event selection.
        • sum is the sum of event field values from the event selection.
    2. SOURCE is the type of the data source. Only the events value is available for selection.
    3. WHERE—conditions for filtering events.
      • In the drop-down list on the left, select the event field that you want to use for filtering.
      • Select the necessary operator from the middle drop-down list. The available operators depend on the type of value of the selected event field.
      • In the drop-down list on the right, enter the value of the condition. Depending on the selected type of field, you may have to manually enter the value, select it from the drop-down list, or select it on the calendar.

      You can add search conditions by clicking Add condition or remove search conditions by clicking cross.

      You can also add groups of conditions by clicking Add group. By default, groups of conditions are added with the AND operator, but you can change it if necessary. Available values: AND, OR, NOT. Group conditions are deleted using the Delete group button.

    4. GROUP BY—event fields or aliases to be used for grouping the returned data. This parameter is not available for Counter graph type.
    5. ORDER BY—columns used as the basis for sorting the returned data. This parameter is not available for the Date Histogram and Counter graph types.
      • In the drop-down list to the left, select the value that will be used for sorting.
      • Select the sort order from the drop-down list on the right: ASC for ascending, DESC for descending.
      • For Table type graphs, you can add sorting conditions by clicking Add column.
    6. LIMIT is the maximum number of data points for the widget. This parameter is not available for the Date Histogram and Counter graph types.
  2. Click Apply.

Example of search conditions in the query builder


Search condition parameters for the widget showing average bytes received per host

Tab Actions

The following table lists the settings on the Actions tab.

The tab is displayed if on the Selectors tab in the Graph field you have selected one of the following values: Bar chart, Line chart, Date Histogram.

Description of parameters

Setting

Description

Y-min and Y-max

Scale of the Y axis.

Negative values can be displayed on chart axes. This is due to the scaling of charts on the widget and can be fixed by setting zero as the minimum chart values instead of Auto.

X-min and X-max

Scale of the X axis.

Negative values can be displayed on chart axes. This is due to the scaling of charts on the widget and can be fixed by setting zero as the minimum chart values instead of Auto.

Line-width

Width of the line on the graph. This field is displayed for the "Line chart" graph type.

Point size

Point size on the graph. This field is displayed for the "Line chart" graph type.

Tab wrench

The following table lists the settings on the wrench tab.

Description of parameters

Setting

Description

Name

Name of the widget.

Description

Description of the widget.

Color

The color used for displaying the information:

  • default for your browser's default font color
  • green
  • red
  • blue
  • yellow

This setting is available for graphs such as Bar chart, Counter, Line chart, Date Histogram.

Horizontal

Makes the histogram horizontal instead of vertical.

When this option is enabled, when a widget displays a large amount of data, horizontal scrolling is not available and all available information is fit into the fixed size of the widget. If there is a lot of data to display, it is recommended to increase the widget size.

Show total

Shows the sum total of the values.

Show legend

Displays a legend for the analytics. The toggle switch is turned on by default.

Show nulls in legend

Displays parameters with a null value in the legend for analytics. The toggle switch is turned off by default.

Decimals

Number of decimals to which the displayed value must be rounded off.

Period segments length

Duration of the segments into which you want to divide the period. Available for graphs of the Date Histogram type.

Scale

Scale for displaying data. Available for a Stacked bar chart. The following values are possible:

  • Linear
  • Square
  • Logarithm

The default is Linear.

[Topic 217867]

"Active lists" widget

You can use the Active lists widget to get analytics based on SQL queries.

When creating this widget, you must specify the settings described in the tables below.

Tab Selectors

The following table lists the settings that must be specified on the Selectors tab.

Description of parameters

Setting

Description

Graph

Graph type. The following graph types are available:

  • Bar chart.
  • Pie chart.
  • Counter.
  • Table.

Tenant

The tenant for which data is displayed in the widget. You can select multiple tenants. By default, data is displayed for tenants selected in layout settings.

Correlator

The name of the correlator that contains the active list for which you want to receive data.

Active list

The name of the active list for which you want to receive data.

The same active list can be used by different correlators. However, a separate entity of the active list is created for each correlator. Therefore, the contents of the active lists used by different correlators differ even if the active lists have the same names and IDs.

SQL query field

This field lets you manually enter a query for filtering and searching active list data.

The query structure is similar to that used in event search.

When creating a query based on active lists, you must consider the following:

  • For the FROM function, you must specify the `records` value.
  • If you want to receive data for fields whose names contain spaces and Cyrillic characters, you must also enclose such names in quotes in the query:
    • In the SELECT function, enclose aliases in double quotes or backticks: "alias", `another alias`.
    • In the ORDER BY function, enclose aliases in backticks: `another alias`.
    • Event field values are enclosed in straight quotes: WHERE DeviceProduct = 'Microsoft'.
  • Names of event fields do not need to be enclosed in quotes.
  • If the name of an active list field begins or ends with spaces, these spaces are not displayed by the widget. The field name must not contain spaces only.
  • If the values of the active list fields contain trailing or leading spaces, it is recommended to use the LIKE '%field value%' function to search by them.
  • In your query, you can use service fields: _key (the field with the keys of active list records) and _count (the number of times this record has been added to the active list), as well as custom fields.
  • The "metric" and "value" aliases in SQL queries cannot be edited for any type of active lists analytics widget, except tables.
  • If a date and time conversion function is used in an SQL query (for example, fromUnixTimestamp64Milli) and the field being processed does not contain a date and time, an error will be displayed in the widget. To avoid this, use functions that can handle a null value. Example: SELECT _key, fromUnixTimestamp64Milli(toInt64OrNull(DateTime)) as Date FROM `records` LIMIT 250.
  • Large values for the LIMIT function may lead to browser errors.
  • If you select Counter as the graph type, you must specify the method of data processing for the values of the SELECT function: count, max, min, avg, sum.

Special considerations apply when using aliases in SQL functions and SELECT statements: you can use double quotes and backticks: ", `.

If you selected Counter as the graph type, aliases can contain Latin and Cyrillic characters, as well as spaces. When using spaces or Cyrillic, the alias must be enclosed in quotation marks: "An alias with a space", `Another alias`.

When displaying data for the previous period, sorting by the count(ID) parameter may not work correctly. It is recommended to sort by the metric parameter. For example, SELECT count(ID) AS "metric", Name AS "value" FROM `events` GROUP BY Name ORDER BY metric ASC LIMIT 250.

You can get the names of the tenants in the widget instead of their IDs.

If you want the names of tenants to be displayed in active list widgets instead of tenant IDs, in correlation rules of the correlator, configure the function for populating the active list with information about the corresponding tenant.

To configure the function:

  1. Export the list of tenants.
  2. Create a dictionary of the Table type and import the previously obtained list of tenants into the dictionary.
  3. Add a local variable with the dict function for mapping the tenant name to tenant ID to the correlation rule.

    Example:

    • Variable: TenantName
    • Value: dict ('<Name of the previously created dictionary with tenants>', TenantID)
  4. Add an action with active lists to the correlation rule.

    This action will write the value of the previously created variable in the key-value format to the active list using the Set function. As the key, specify the field of the active list (for example, Tenant), and in the value field, reference the previously created variable (for example, $TenantName).

When this rule triggers, the name of the tenant mapped by the dict function to the ID from the tenant dictionary is placed in the active list. When creating widgets for active lists, you can get the name of the tenant by referring to the name of the field of the active list (in the example above, Tenant).

The method described above can be applied to other event fields with IDs.

Sample SQL queries for receiving analytics based on active lists:

  • SELECT * FROM `records` WHERE "Event source" = 'Johannesburg' LIMIT 250

    This query returns the key of the active list where the field name is "Event source" and the value of this field is "Johannesburg".

  • SELECT count(_key) AS metric, Status AS value FROM `records` GROUP BY value ORDER BY metric DESC LIMIT 250

    Query for a pie chart, which returns the number of keys in the active list ('count' aggregation over the '_key' field) and all variants of the Status custom field. The widget displays a pie chart with the total number of records in the active list, divided proportionally by the number of possible values for the Status field.

  • SELECT Name, Status, _count AS Number FROM `records` WHERE Description ILIKE '%ftp%' ORDER BY Name DESC LIMIT 250

    Query for a table, which returns the values of the Name and Status custom fields, as well as the service field '_count' for those records of the active list in which the value of the Description custom field matches ILIKE '%ftp%'. The widget displays a table with the Status, Name, and Number columns.

Tab Actions

The following table lists the settings that must be specified on the Actions tab.

This tab is displayed if on the Selectors tab, in the Graph field, you have selected Bar chart.

Description of parameters

Settings

Description

Y-min and Y-max

Scale of the Y axis.

Negative values can be displayed on chart axes. This is due to the scaling of charts on the widget and can be fixed by setting zero as the minimum chart values instead of Auto.

X-min and X-max

Scale of the X axis.

Negative values can be displayed on chart axes. This is due to the scaling of charts on the widget and can be fixed by setting zero as the minimum chart values instead of Auto.

Tab wrench

The following table lists the settings that must be specified on the wrench tab.

Description of parameters

Setting

Description

Name

Name of the widget.

Description

Description of the widget.

Color

The color used for displaying the information:

  • default for your browser's default font color
  • green
  • red
  • blue
  • yellow

Horizontal

Makes the histogram horizontal instead of vertical.

When this setting is enabled, all available information is fitted into the configured widget size. If the amount of data is great, you can increase the size of the widget to display it optimally.

Show total

Shows the sum total of the values.

Show legend

Displays a legend for the analytics. The toggle switch is turned on by default.

Show nulls in legend

Displays parameters with a null value in the legend for analytics. The toggle switch is turned off by default.

[Topic 234198]

"Context tables" widget

You can use the Context tables widget to get analytics based on SQL queries.

When creating this widget, you must specify the settings described in the tables below.

Tab Selectors

The following table lists the settings that must be specified on the Selectors tab.

Description of parameters

Setting

Description

Graph

Graph type. The following graph types are available:

  • Bar chart.
  • Pie chart.
  • Counter.
  • Table.

Tenant

The tenant for which data is displayed in the widget. You can select multiple tenants. By default, data is displayed for tenants selected in layout settings.

Correlator

Name of the correlator that contains the context table for which you want to receive information.

Context table

Name of the context table for which you want to receive information.

The same context table can be used in multiple correlators. However, a separate entity of the context table is created for each correlator. Therefore, the contents of the context tables used by different correlators are different even if the context tables have the same name and ID.

SQL query field

This field lets you manually enter a query for filtering and searching context table data. By default, for each widget type, the field contains a query that obtains the context table schema and the key by key fields.

The query structure is similar to that used in event search.

When creating a query based on context tables, you must consider the following:

  • For the FROM function, you must specify the `records` value.
  • You can get data only for the fields specified in the context table schema.
  • You can use supported features of ClickHouse.
  • If you want to receive data for fields whose names contain spaces and Cyrillic characters, you must also enclose such names in quotes in the query:
    • In the SELECT function, enclose aliases in double quotes or backticks: "<alias>", `<another alias>`;
    • In the ORDER BY function, enclose aliases in backticks: `<another alias>`
    • Event field values are enclosed in straight quotes: WHERE DeviceProduct = 'Microsoft'
  • Names of event fields do not need to be enclosed in quotes.
  • If the name of an active list field begins or ends with spaces, these spaces are not displayed by the widget. The field name must not contain spaces only.
  • If the values of the active list fields contain trailing or leading spaces, it is recommended to use the LIKE '%<field value>%' function to search by them.
  • You can use the _count service field (how many times this record has been added to the context table), as well as custom fields.
  • The metric and value aliases in SQL queries cannot be edited for any type of active lists analytics widget, except tables.
  • If a date and time conversion function is used in an SQL query (for example, fromUnixTimestamp64Milli) and the field being processed does not contain a date and time, an error will be displayed in the widget. To avoid this, use functions that can handle a null value. Example: SELECT _key,fromUnixTimestamp64Milli(toInt64OrNull(DateTime)) as Date FROM `records` LIMIT 250.
  • Large values for the LIMIT function may lead to browser errors.
  • If you select Counter as the chart type, you must specify the method of data processing for the values of the SELECT function: count, max, min, avg, sum.

Special considerations when using aliases in SQL functions and SELECT statements: you may use double quotes and backticks: ", `.

When using spaces or non-Latin characters, the alias must be enclosed in double quotes: "<Alias with a space>", values must be enclosed in straight single quotes: '<Value with a space>'.

When displaying data for the previous period, sorting by the count(ID) parameter may not work correctly. We recommend sorting by the metric parameter. For example, SELECT count(ID) AS "metric", Name AS "value" FROM `events` GROUP BY Name ORDER BY metric ASC LIMIT 250.

You can get the names of the tenants in the widget instead of their IDs.

If you want the names of tenants to be displayed in active list widgets instead of tenant IDs, in correlation rules of the correlator, configure the function for populating the active list with information about the corresponding tenant.

To configure the function:

  1. Export the list of tenants.
  2. Create a dictionary of the Table type and import the previously obtained list of tenants into the dictionary.
  3. Add a local variable with the dict function for mapping the tenant name to tenant ID to the correlation rule.

    Example:

    • Variable: TenantName
    • Value: dict ('<Name of the previously created dictionary with tenants>', TenantID)
  4. Add an action with active lists to the correlation rule.

    This action will write the value of the previously created variable in the key-value format to the active list using the Set function. As the key, specify the field of the active list (for example, Tenant), and in the value field, reference the previously created variable (for example, $TenantName).

When this rule triggers, the name of the tenant mapped by the dict function to the ID from the tenant dictionary is placed in the active list. When creating widgets for active lists, you can get the name of the tenant by referring to the name of the field of the active list (in the example above, Tenant).

The method described above can be applied to other event fields with IDs.

Sample SQL queries for receiving analytics based on active lists:

  • SELECT * FROM `records` WHERE "Event source" = 'Johannesburg' LIMIT 250

    This query returns the key of the active list where the field name is "Event source" and the value of this field is "Johannesburg".

  • SELECT count(_key) AS metric, Status AS value FROM `records` GROUP BY value ORDER BY metric DESC LIMIT 250

    Query for a pie chart, which returns the number of keys in the active list (count aggregation over the _key field) and all variants of the Status custom field. The widget displays a pie chart with the total number of records in the active list, divided proportionally by the number of possible values for the Status field.

  • SELECT Name, Status, _count AS Number FROM `records` WHERE Description ILIKE '%ftp%' ORDER BY Name DESC LIMIT 250

    Query for a table, which returns the values of the Name and Status custom fields, as well as the service field _count for those records of the active list in which the value of the Description custom field matches ILIKE '%ftp%'. The widget displays a table with the Status, Name, and Number columns.

Tab Actions

The following table lists the settings that must be specified on the Actions tab.

This tab is displayed if on the Selectors tab, in the Graph field, you have selected Bar chart.

Description of parameters

Setting

Description

Y-min and Y-max

Scale of the Y axis.

Negative values can be displayed on chart axes. This is due to the scaling of charts on the widget and can be fixed by setting zero as the minimum chart values instead of Auto.

X-min and X-max

Scale of the X axis.

Negative values can be displayed on chart axes. This is due to the scaling of charts on the widget and can be fixed by setting zero as the minimum chart values instead of Auto.

Tab wrench

The following table lists the settings that must be specified on the wrench tab.

Description of parameters

Settings

Description

Name

Name of the widget.

Description

Description of the widget.

Color

The color used for displaying the information:

  • default for your browser's default font color
  • green
  • red
  • blue
  • yellow

Horizontal

Makes the histogram horizontal instead of vertical.

When this setting is enabled, all available information is fitted into the configured widget size. If the amount of data is great, you can increase the size of the widget to display it optimally.

Show total

Shows the sum total of the values.

Show legend

Displays a legend for the analytics. The toggle switch is turned on by default.

Show nulls in legend

Displays parameters with a null value in the legend for analytics. The toggle switch is turned off by default.

[Topic 265363]

"Assets" customized widget

You can use the Assets → Customized widget to get advanced asset analytics from processed events using the query builder. In the query, you must specify the asset field and the corresponding condition or set of conditions by which you want the assets to be counted (Y-axis). You can also specify one or more additional conditions (categories) to be used for comparing the number of assets for each field.

When creating the custom widget for assets, you must specify the settings described in the tables below.

Tab Selectors

The following table describes the settings on the Selectors tab.

Description of parameters

Setting

Description

Graph

Graph type. The following graph types are available:

  • Pie chart.

    The distribution of assets by the specified categories is displayed for all selected tenants.

  • Counter.

    Assets are counted based on a single condition. The chart displays the sum of assets that match the condition across all selected tenants.

  • Table.

    Assets are counted by the specified categories across all selected tenants. Each category in the chart has a corresponding row. The category name is displayed in the value column. The number of assets matching the condition is displayed in the metric column.

  • Stacked bar chart.

    Assets are counted by the specified categories across all selected tenants, and you can group assets by tenants (in this case, individual tenants are arranged along the X axis). Each category has its own zone on the bars of the chart, represented by its own color. Category names are displayed in the legend. You can use check boxes to the left of category names to hide or show the corresponding areas on the bars.

Format

This setting is available for charts of the Stacked bar chart type. Data display format: Absolute values or Relative values, %. If you select the Absolute values format, the heights of the bars correspond to the sum of the values of the measured indicator. If you select the Relative values, % format, all bars have the same height of 100%, and the relative heights of colored zones on the bars correspond to the ratios of indicator values.

By default, Absolute values is selected.

Tenant

The tenant for which data is displayed in the widget. You can select multiple tenants. By default, data is displayed for tenants selected in layout settings.

Asset category

The asset category for which the widget is displaying data.

Search in uncategorized assets

This setting lets you display assets that do not have a category.

This check box is cleared by default.

Select axes group of settings

Y-axis

Required setting. The asset field and the condition or set of conditions specified for this field that define how assets are counted.

Y-axis category

Category for the selected field. Not used for a graph of the Counter type. This setting is optional for Y-axis fields whose values are enumerations (can be selected from a finite list of values). For all other fields, this parameter is required.

Group by tenant

This setting is available for charts of the Stacked bar chart type. Enables additional grouping of assets by tenant. If the check box is selected, assets on the chart are broken up along the X-axis into bars corresponding to individual tenants. If the check box is cleared, all assets are displayed on the same bar. This check box is cleared by default.

Tab wrench

The following table describes the settings on the wrench tab.

Description of parameters

Setting

Description

Name

Name of the widget.

Description

Description of the widget.

Show total

This setting is available for charts of the Pie chart type. Enables the display of totals in the chart, in addition to the selected categories. If this check box is enabled, the sum of the values of all specified categories is displayed in the center of the pie chart and in the legend in a separate Total column. The toggle switch is turned off by default.

Color

This setting is available for charts of the Counter type. The color used for displaying the information:

  • default for your browser's default font color
  • green
  • red
  • blue
  • yellow

Horizontal

Makes the histogram horizontal instead of vertical.

When this option is enabled and the widget displays a large amount of data, horizontal scrolling is not available and all available information is fitted into the fixed size of the widget. If there is a lot of data to display, it is recommended to increase the widget size.

Show legend

Displays a legend for the analytics. The toggle switch is turned on by default.

Show nulls in legend

Displays parameters with a null value in the legend for analytics. The toggle switch is turned off by default.

Decimals

Number of decimals to which the displayed value must be rounded off.

Scale

Available for a Stacked bar chart. Scale for displaying data. The following values are possible:

  • Linear
  • Square
  • Logarithm

The default is Linear.


Other widgets

This section describes the settings of all widgets except the Events and Active lists widgets.

The set of parameters available for a widget depends on the type of graph that is displayed on the widget. The following graph types are available in KUMA:

  • Pie chart (pie).
  • Counter (counter).
  • Table (table).
  • Bar chart (bar1).
  • Date Histogram (bar2).
  • Line chart.
  • Stacked bar chart.

Settings for pie charts

The following table lists the settings of a Pie chart.

Description of parameters

Setting

Description

Name

Name of the widget.

Description

Description of the widget.

Tenant

The tenant for which data is displayed in the widget. You can select multiple tenants. By default, data is displayed for tenants selected in layout settings.

Time period

Period for which data is displayed in the widget. The default is As layout, meaning that data is displayed for the period selected for the layout.

You can also specify a period for the widget in one of the following ways:

  • Select the exact start and end date and time of the period in the calendar and click Apply.
  • Select a period relative to the present time in the Relative period list.
  • Specify a value manually: select an exact date and time or a relative period, or a combination of both.

For details, see the Configuring a period subsection below.

Show total

Shows the total sum of the values.

Show legend

Displays a legend for the analytics. The toggle switch is turned on by default.

Show nulls in legend

Displays parameters with a null value in the legend for analytics. The toggle switch is turned off by default.

Decimals

Number of decimals to which the displayed value must be rounded off.

Settings for counters

The following table lists the settings of a Counter.

Description of parameters

Setting

Description

Name

Name of the widget.

Description

Description of the widget.

Tenant

The tenant for which data is displayed in the widget. You can select multiple tenants. By default, data is displayed for tenants selected in layout settings.

Time period

Period for which data is displayed in the widget. The default is As layout, meaning that data is displayed for the period selected for the layout.

You can also specify a period for the widget in one of the following ways:

  • Select the exact start and end date and time of the period in the calendar and click Apply.
  • Select a period relative to the present time in the Relative period list.
  • Specify a value manually: select an exact date and time or a relative period, or a combination of both.

For details, see the Configuring a period subsection below.

Settings for tables

The following table lists the settings of a Table.

Description of parameters

Setting

Description

Name

Name of the widget.

Description

Description of the widget.

Tenant

The tenant for which data is displayed in the widget. You can select multiple tenants. By default, data is displayed for tenants selected in layout settings.

Time period

Period for which data is displayed in the widget. The default is As layout, meaning that data is displayed for the period selected for the layout.

You can also specify a period for the widget in one of the following ways:

  • Select the exact start and end date and time of the period in the calendar and click Apply.
  • Select a period relative to the present time in the Relative period list.
  • Specify a value manually: select an exact date and time or a relative period, or a combination of both.

For details, see the Configuring a period subsection below.

Show data for previous period

Enables the display of data simultaneously for the current and previous periods.

Color

The color used for displaying the information:

  • default for your browser's default font color
  • green
  • red
  • blue
  • yellow

Decimals

Number of decimals to which the displayed value must be rounded off.

Settings for Bar charts, Stacked bar charts, and Date Histograms

The table below lists the settings for the Bar chart and Date Histogram type graphs located on the Actions tab.

Description of parameters

Setting

Description

Y-min and Y-max

Scale of the Y axis.

Negative values can be displayed on chart axes. This is due to the scaling of charts on the widget and can be fixed by setting zero as the minimum chart values instead of Auto.

X-min and X-max

Scale of the X axis.

Negative values can be displayed on chart axes. This is due to the scaling of charts on the widget and can be fixed by setting zero as the minimum chart values instead of Auto.

Decimals

Number of decimals to which the displayed value must be rounded off.

The table below lists the settings for the Bar chart, Stacked bar chart, and Date Histogram type graphs located on the wrench tab.

Description of parameters

Setting

Description

Name

Name of the widget.

Description

Description of the widget.

Tenant

The tenant for which data is displayed in the widget. You can select multiple tenants. By default, data is displayed for tenants selected in layout settings.

Time period

Period for which data is displayed in the widget. The default is As layout, meaning that data is displayed for the period selected for the layout.

You can also specify a period for the widget in one of the following ways:

  • Select the exact start and end date and time of the period in the calendar and click Apply.
  • Select a period relative to the present time in the Relative period list.
  • Specify a value manually: select an exact date and time or a relative period, or a combination of both.

For details, see the Configuring a period subsection below.

Show data for previous period

Enables the display of data simultaneously for the current and previous periods.

Color

The color used for displaying the information:

  • default for your browser's default font color
  • green
  • red
  • blue
  • yellow

Horizontal

Makes the histogram horizontal instead of vertical. When this setting is enabled, all available information is fitted into the configured widget size. If there is a large amount of data, you can enlarge the widget to better fit the data.

Show total

Shows the total sum of the values.

Show legend

Displays a legend for the analytics. The toggle switch is turned on by default.

Show nulls in legend

Displays parameters with a null value in the legend for analytics. The toggle switch is turned off by default.

Period segments length

Duration of the segments into which you want to divide the period. Available for graphs of the Date Histogram type.

Configuring a period

For graphs such as Pie chart, Counter, Table, Bar chart, Stacked bar chart, and Date Histogram, you can configure the period for displaying data in the widget using the Period setting. By default, the data display period of the widget is the same as the data display period of the dashboard.

To configure the data display period, do one of the following:

  • If necessary, change the date and time in the Time period setting in one of the following ways:
    • If you want to specify an exact date, in the calendar on the left, select the start and end date of the period and click Apply.

      You can select a date up to and including the current date. The date and time format depends on your browser settings. If the Date from or Date to field has a value and you have not edited the time value manually, when you select a date in the calendar, the Date from field is automatically populated with 00:00:00.000, and the Date to field with 23:59:59.999. If you have manually deleted the value in the Date from or Date to field, when you select a date in the calendar, the field is automatically populated with the current time. After you select a value in one of the fields, the focus switches to the other field. If your Date to is earlier than your Date from, this earlier value is automatically inserted into the Date from field.

    • If you want to specify a relative period, select one of the available periods in the Relative period list on the right.

      The period is calculated relative to the current time.

    • If you want to specify a custom period, edit the value of the Date from and Date to fields.

      You can enter an exact date and time in the DD.MM.YYYY HH:mm:ss.SSS format for the Russian localization and YYYY-MM-DD HH:mm:ss.SSS for the English localization or a period relative to the current time as a formula. You can also combine these methods if necessary. If you do not specify milliseconds when entering the exact date, 000 is substituted automatically. If you have edited the time in the Date from or Date to fields, picking a date in the calendar does not change the time component.

      In the relative period formulas, you can use the now parameter for the current date and time and the interval parameterization language: + (only in the Date to field), -, / (rounding to the nearest), as well as time units: y (year), M (month), w (week), d (day), h (hour), m (minute), s (second). For example, you can specify the period now-5d to get data for the last five days, or now/w to get data from the beginning of the first day of the current week (00:00:00.000 UTC) to the current time (now).

      The Date from field is required, and its value cannot exceed the value of the Date to field, and also cannot be earlier than 1970-01-01 (if specifying an exact date or a relative period). The Date to value cannot be earlier than the Date from value. If you do not specify a value in the Date from field, now is specified automatically.

    KUMA stores time values in UTC, but in the user interface time is converted to the time zone of your browser. This is relevant to the relative periods: Today, Yesterday, This week, and This month. For example, if the time zone in your browser is UTC+3, and you select Today as the data display period, data will be displayed for the period from 03:00:00.000 until now, not from 00:00:00.000 until now.

    If you want to take your time zone into account when selecting a relative data display period, such as Today, Yesterday, This week, or This month, you need to manually add a time offset in the Date from and Date to fields (if a value other than now is specified) by adding or subtracting the correct number of hours. For example, if your browser's time zone is UTC+3 and you want to display data for Yesterday, you need to change Date from to now-1d/d-3h and Date to to now/d-3h. If you want to display data for the Today period, you only need to change the value in the Date from field to now/d-3h.

    If you need results up to 23:59:59.999 UTC of yesterday, you can use an SQL query with a filter by Timestamp or specify an exact date and time.

    The bounds of the period are inclusive: for example, for the Today time range, events are displayed from the beginning (00:00:00.000 UTC) of the current day to the current time (now) inclusive, and for the Yesterday period, events are displayed from the beginning (00:00:00.000 UTC) of the previous day to 00:00:00.000 UTC of the current day. You can view the date and time of the last data update and the exact period for which the data is displayed by hovering over the period icon in the widget.

    If the Show data for previous period setting is enabled for the widget, and the widget is displaying data for a relative period, the tooltip also displays the previous period. The previous period is calculated relative to the current period as start and end values of the current period minus the duration of the current period. For example, if data is updated daily and displayed for a month, but only the first 10 days of the month have passed, the previous period is taken to be the last 10 days of the previous month.

  • If you want the widget to display data for the period selected for the layout, click the Reset button. Changing the displayed period on the layout also changes the period displayed in the widget.
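
The relative period formulas and the previous-period calculation described above, worked through as an added Python example (not KUMA code). It assumes that / truncates to the start of the unit in UTC, that weeks start on Monday, and that operations apply left to right; the function names and the reference time are constructed for illustration.

```python
import calendar
import re
from datetime import datetime, timedelta, timezone

FIXED = {"w": "weeks", "d": "days", "h": "hours", "m": "minutes", "s": "seconds"}
TOKEN = re.compile(r"([+-])(\d+)([yMwdhms])|/([yMwdhms])")

def shift(t, n, unit):
    """Add n units to t; months and years are calendar-aware."""
    if unit in FIXED:
        return t + timedelta(**{FIXED[unit]: n})
    total = t.year * 12 + t.month - 1 + (12 * n if unit == "y" else n)
    year, month = total // 12, total % 12 + 1
    # Assumption: clamp the day when the target month is shorter.
    day = min(t.day, calendar.monthrange(year, month)[1])
    return t.replace(year=year, month=month, day=day)

def floor_to(t, unit):
    """Assumption: '/' truncates to the start of the unit in UTC, Monday-based weeks."""
    fields = ["microsecond", "second", "minute", "hour"]
    cut = {"s": 1, "m": 2, "h": 3}.get(unit, 4)
    t = t.replace(**{f: 0 for f in fields[:cut]})
    if unit == "w":
        return t - timedelta(days=t.weekday())
    if unit == "M":
        return t.replace(day=1)
    return t.replace(month=1, day=1) if unit == "y" else t

def resolve(expr, now, field="from"):
    """Evaluate a 'now...' formula left to right against a UTC reference time."""
    if not expr.startswith("now"):
        raise ValueError(f"formula must start with 'now': {expr!r}")
    t, pos = now.astimezone(timezone.utc), 3
    while pos < len(expr):
        m = TOKEN.match(expr, pos)
        if m is None:
            raise ValueError(f"unexpected text at offset {pos}: {expr!r}")
        sign, count, unit, round_unit = m.groups()
        if round_unit:
            t = floor_to(t, round_unit)
        elif sign == "+" and field != "to":
            raise ValueError("'+' is only accepted in the Date to field")
        else:
            t = shift(t, int(count) if sign == "+" else -int(count), unit)
        pos = m.end()
    return t

def previous_period(start, end):
    """Shift both bounds back by the length of the current period."""
    return start - (end - start), end - (end - start)

# Constructed reference time: Wednesday 2024-05-15 10:30 UTC (13:30 in UTC+3).
NOW = datetime(2024, 5, 15, 10, 30, tzinfo=timezone.utc)
```

Under these assumed semantics, between local midnight and UTC midnight (for example 22:00 UTC in a UTC+3 browser) now/d-3h still resolves to the start of the previous local day, so confirm the exact period in the widget tooltip before relying on a Today or Yesterday view.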
