While searching for log events, you can group log events by multiple fields and see a time-series or non time-series visualization.

Procedure

  1. On the Explore Logs page, fetch your query search results for log events. For more information, see Search and Filter Logs.
  2. In the chart under the query, select the Over Time drop-down menu.
  3. (Optional) Select the Time series or Non-time series option.
    Option Description
    Time series The results from the search time-frame are split into multiple subresults and for each subresult, a group-by is performed.
    Non-time series A group-by is performed for all the results across the search time-frame.
  4. (Optional) Select one or more fields in the Group by section to group the log events by fields such as app name, hostname, and process.
    If you select the Time series option and group the log events by one or more fields in the Group by section, you see the legend for the selected field values at the far right corner of the chart. Use the legend to select or deselect one or more grouped field values.

    You can also select the Hide All option on the top of the legend to deselect all grouped field values and manually select individual field values that you want to view on the chart.

    The Explore Logs page displaying the legend on the far right corner of the chart.