Merge pull request #2055 from SEKOIA-IO/new-chart-types

Add new chart types to query builder
SEKOIA-IO · Oct 17, 2024 · d15188f · d15188f
2 parents 5ad8a3f + 87f8b76
commit d15188f
Showing 1 changed file with 85 additions and 20 deletions.
diff --git a/docs/xdr/features/investigate/query_builder.md b/docs/xdr/features/investigate/query_builder.md
@@ -107,46 +107,111 @@ When using the Query Builder with Cases as a source, users can filter and manipu
 | Updated at                | The date and time when the case was last updated.                                        |
 | Updated by                | The user or system that last updated the case.                                           |
 
-## Run your query
+## Query results
 
-Click on `Run query` to perform a search.
+To view the results of your query, simply click on `Run query`.
 
 ![results](/assets/operation_center/events/qb-results.png){: style="max-width:100%"}
 
-You can display your results in a table or select a chart type (Pie chart or Vertical bar chart).
+You have various options for displaying your results, depending on your needs. Below, you can explore the different types of visualizations available.
 
-!!! warning
-    Due to the important amount of logs ingested, the Query Builder has **rate limits** to protect the platform's health.
+The query builder offers six visualization options, grouped into two categories:
 
-    There are 3 **rate limits**:
+**1. Total values**: This category focuses on comparing values across different categories at a specific point in time.
 
-    1. **Maximum number of processed rows:** At the moment the maximum value is 10 000.
-    2. **Maximum number of query:** 10 query executions are allowed per minute.
-    3. **Query timeout:** A query will timeout automatically after 10 minutes.
+Examples of total value visualizations:
 
-    About the **maximum number of processed rows** limit, the Query Builder will display partial results in case this limit is reached.
+- Number
+- Table
+- Pie Chart
+- Bar Chart
+
+**2. Time series**: This category highlights how data evolves over time, enabling the analysis of trends and changes.
+
+Examples of time series visualizations:
+
+- Bar Chart
+- Line Chart
+
+Choose the visualization type that best fits your data analysis needs!
 
-## Chart visualization
+### Total values
 
-### Pie chart
+#### Number
+
+The Number visualization prominently displays a single numeric value, making it perfect for showcasing key performance indicators (KPIs) or other important metrics.
+
+To use the Number visualization, your query must result in only one numerical value. It cannot be used if the query returns multiple values.
+
+#### Table
+
+The Table view provides a comprehensive display of raw numerical values for each category across the entire date range. This format allows for direct comparison of total values across different categories.
+
+Currently, the maximum number of rows that can be processed is 10 000.
+
+#### Pie Chart
 
 ![pie chart](/assets/operation_center/events/qb-pie-chart.png){: style="max-width:100%"}
 
-Use the pie chart to show how a total amount is divided between distinct groups. We have limited the max number of values in pie chart to 40 to ensure a correct display.
+The Pie Chart visualization illustrates how a total amount is divided among distinct groups. To ensure clarity in display, the maximum number of values allowed in a pie chart is **limited to 40**.
 
-- In `Label` field, select the column you want to use as a label.
-- In `Value` field, select the column you want to use as a value.
+- In the **Label** field, select the column you want to use for labeling each section of the pie chart.
+- In the **Value** field, select the column that represents the numerical value for each section.
 
-If possible, we will try to automatically select adequate columns.
+Whenever possible, we will attempt to automatically select appropriate columns for you.
 
-### Vertical chart
+#### Bar Chart
 
 ![bar chart](/assets/operation_center/events/qb-bar-chart.png){: style="max-width:100%"}
 
-Use the vertical bar chart to compare values between different groups. We have limited the max number of values in vertical chart to 80 to ensure a correct display.
+The Vertical Bar Chart allows you to compare values across different groups effectively. To ensure a clear display, the maximum number of values allowed in the vertical bar chart is **limited to 80**.
+
+- In the **X-axis**, select the column you want to use for grouping. This column can be of any data type.
+- In the **Y-axis**, select the column that represents the numeric values. This column must contain numeric data.
+
+This format is ideal for visualizing differences in values across various categories at a glance.
+
+### Time series visualizations
+
+#### Column Chart
+
+The Column Chart provides a clear way to compare values across different categories. This visualization is particularly useful for displaying total values side by side. To ensure an effective display, the maximum number of categories allowed in the column chart is **limited to 80**.
 
-- In `X-axis`, select the column you want to use. This column can be of any type.
-- In `Y-axis`, select the column you want to use. This column must be a numeric value.
+- In the **`X-axis`**, select the column you want to use for the categories. This column can be of any data type.
+- In the **`Y-axis`**, select the column that contains the numeric values. This column must consist of numeric data.
+
+#### Line Chart
+
+The Line Chart is designed to visualize data points over a continuous range, making it ideal for displaying trends over time. To ensure clarity in the presentation, the maximum number of data points allowed in the line chart is **limited to 200**.
+
+- In the **`X-axis`**, select the column you want to use for the time or continuous variable. This column can be of any data type.
+- In the **`Y-axis`**, select the column that contains the numeric values. This column must consist of numeric data.
+
+### Options 
+#### Breakdown by
+
+The **Breakdown By** feature allows you to analyze your data in more depth across multiple visualization types, including Bar Charts, Column Charts, and Line Charts. 
+
+When you include a **Group By** clause in your query, you can break down your data by a specific attribute. This enables you to visualize how different categories or values contribute to the overall dataset.
+
+#### Group mode
+
+The **Group Mode** feature is available for Bar Charts and Column Charts, offering two display options: **stacked** and **grouped**.
+
+- **Stacked Mode**: This mode stacks the values of each subgroup into a single bar, allowing you to see the total value for each category along with the contributions of each subgroup.
+- **Grouped Mode**: In this mode, the bars for each subgroup are displayed side by side within each category, making it easier to compare the values between different subgroups.
+
+
+!!! warning
+    Due to the important amount of logs ingested, the Query Builder has **rate limits** to protect the platform's health.
+
+    There are 3 **rate limits**:
+
+    1. **Maximum number of processed rows:** At the moment the maximum value is 10 000.
+    2. **Maximum number of query:** 10 query executions are allowed per minute.
+    3. **Query timeout:** A query will timeout automatically after 10 minutes.
+
+    About the **maximum number of processed rows** limit, the Query Builder will display partial results in case this limit is reached.
 
 ## Save your query