The Distribution visualization shows data aggregated across one or several tags, such as hosts. Unlike the heat map, a distribution graph’s x-axis is quantity rather than time.
This visualization displays only a single query; additional queries are disregarded.
Note: Outlier detection cannot be performed for this visualization.
Configure your query as usual. The Distribution visualization supports metrics, live processes, APM request latency, log events, and RUM events. Note that this visualization type is useful only when data is aggregated across tag keys, e.g. for each host.
Make a selection in the “avg/max/min/sum by/etc.” control to see your data across the associated tags.
On screenboards only, choose whether your widget has a custom timeframe or the screenboard’s global timeframe.
With APM request distributions, you can add percentiles markers on the x-axis.
Axis controls are available via the UI and the JSON editor. They allow you to:
Display a custom title for your widget by activating the Show a Title check box:
Optionally define its size and alignment.
In addition to the standard full screen options, you can use x-axis controls to zoom in to a specific percentile.
This widget can be used with the Dashboards API. Refer to the Dashboards API documentation for additional reference.
The dedicated widget JSON schema definition for the distribution widget is:
Field
Type
Description
legend_size
string
DEPRECATED: (Deprecated) The widget legend was replaced by a tooltip and sidebar.
markers
[object]
List of markers.
display_type
string
Combination of:
x_axis_percentile.label
string
Label to display over the marker.
time
string
Timestamp for the widget.
value [required]
string
Value to apply. Can be a single value y = 15 or a range of values 0 < y < 10.
requests [required]
[object]
Array of one request object to display in the widget.
See the dedicated Request JSON schema documentation
to learn how to build the REQUEST_SCHEMA.
apm_query
object
The log query.
compute
object
Define computation for a log query.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
interval
int64
Define a time interval in seconds.
group_by
[object]
List of tag prefixes to group by in the case of a cluster check.
facet [required]
string
Facet name.
limit
int64
Maximum number of items in the group.
sort
object
Define a sorting method.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
order [required]
enum
Widget sorting methods.
Allowed enum values: asc,desc
index
string
A coma separated-list of index names. Use "*" query all indexes at once. Multiple Indexes
multi_compute
[object]
This field is mutually exclusive with compute.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
interval
int64
Define a time interval in seconds.
search
object
The query being made on the logs.
query [required]
string
Search value to apply.
event_query
object
The log query.
compute
object
Define computation for a log query.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
interval
int64
Define a time interval in seconds.
group_by
[object]
List of tag prefixes to group by in the case of a cluster check.
facet [required]
string
Facet name.
limit
int64
Maximum number of items in the group.
sort
object
Define a sorting method.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
order [required]
enum
Widget sorting methods.
Allowed enum values: asc,desc
index
string
A coma separated-list of index names. Use "*" query all indexes at once. Multiple Indexes
multi_compute
[object]
This field is mutually exclusive with compute.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
interval
int64
Define a time interval in seconds.
search
object
The query being made on the logs.
query [required]
string
Search value to apply.
log_query
object
The log query.
compute
object
Define computation for a log query.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
interval
int64
Define a time interval in seconds.
group_by
[object]
List of tag prefixes to group by in the case of a cluster check.
facet [required]
string
Facet name.
limit
int64
Maximum number of items in the group.
sort
object
Define a sorting method.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
order [required]
enum
Widget sorting methods.
Allowed enum values: asc,desc
index
string
A coma separated-list of index names. Use "*" query all indexes at once. Multiple Indexes
multi_compute
[object]
This field is mutually exclusive with compute.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
interval
int64
Define a time interval in seconds.
search
object
The query being made on the logs.
query [required]
string
Search value to apply.
network_query
object
The log query.
compute
object
Define computation for a log query.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
interval
int64
Define a time interval in seconds.
group_by
[object]
List of tag prefixes to group by in the case of a cluster check.
facet [required]
string
Facet name.
limit
int64
Maximum number of items in the group.
sort
object
Define a sorting method.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
order [required]
enum
Widget sorting methods.
Allowed enum values: asc,desc
index
string
A coma separated-list of index names. Use "*" query all indexes at once. Multiple Indexes
multi_compute
[object]
This field is mutually exclusive with compute.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
interval
int64
Define a time interval in seconds.
search
object
The query being made on the logs.
query [required]
string
Search value to apply.
process_query
object
The process query to use in the widget.
filter_by
[string]
List of processes.
limit
int64
Max number of items in the filter list.
metric [required]
string
Your chosen metric.
search_by
string
Your chosen search term.
profile_metrics_query
object
The log query.
compute
object
Define computation for a log query.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
interval
int64
Define a time interval in seconds.
group_by
[object]
List of tag prefixes to group by in the case of a cluster check.
facet [required]
string
Facet name.
limit
int64
Maximum number of items in the group.
sort
object
Define a sorting method.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
order [required]
enum
Widget sorting methods.
Allowed enum values: asc,desc
index
string
A coma separated-list of index names. Use "*" query all indexes at once. Multiple Indexes
multi_compute
[object]
This field is mutually exclusive with compute.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
interval
int64
Define a time interval in seconds.
search
object
The query being made on the logs.
query [required]
string
Search value to apply.
q
string
Widget query.
rum_query
object
The log query.
compute
object
Define computation for a log query.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
interval
int64
Define a time interval in seconds.
group_by
[object]
List of tag prefixes to group by in the case of a cluster check.
facet [required]
string
Facet name.
limit
int64
Maximum number of items in the group.
sort
object
Define a sorting method.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
order [required]
enum
Widget sorting methods.
Allowed enum values: asc,desc
index
string
A coma separated-list of index names. Use "*" query all indexes at once. Multiple Indexes
multi_compute
[object]
This field is mutually exclusive with compute.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
interval
int64
Define a time interval in seconds.
search
object
The query being made on the logs.
query [required]
string
Search value to apply.
security_query
object
The log query.
compute
object
Define computation for a log query.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
interval
int64
Define a time interval in seconds.
group_by
[object]
List of tag prefixes to group by in the case of a cluster check.
facet [required]
string
Facet name.
limit
int64
Maximum number of items in the group.
sort
object
Define a sorting method.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
order [required]
enum
Widget sorting methods.
Allowed enum values: asc,desc
index
string
A coma separated-list of index names. Use "*" query all indexes at once. Multiple Indexes
multi_compute
[object]
This field is mutually exclusive with compute.
aggregation [required]
string
The aggregation method.
facet
string
Facet name.
interval
int64
Define a time interval in seconds.
search
object
The query being made on the logs.
query [required]
string
Search value to apply.
style
object
Widget style definition.
palette
string
Color palette to apply to the widget.
show_legend
boolean
DEPRECATED: (Deprecated) The widget legend was replaced by a tooltip and sidebar.
time
object
Time setting for the widget.
live_span
enum
The available timeframes depend on the widget you are using.
Allowed enum values: 1m,5m,10m,15m,30m,1h,4h,1d,2d,1w,1mo,3mo,6mo,1y,alert
title
string
Title of the widget.
title_align
enum
How to align the text on the widget.
Allowed enum values: center,left,right
title_size
string
Size of the title.
type [required]
enum
Type of the distribution widget.
Allowed enum values: distribution
xaxis
object
X Axis controls for the distribution widget.
include_zero
boolean
True includes zero.
max
string
Specifies maximum value to show on the x-axis. It takes a number, percentile (p90 === 90th percentile), or auto for default behavior.
min
string
Specifies minimum value to show on the x-axis. It takes a number, percentile (p90 === 90th percentile), or auto for default behavior.
scale
string
Specifies the scale type. Possible values are linear.
yaxis
object
Y Axis controls for the distribution widget.
include_zero
boolean
True includes zero.
label
string
The label of the axis to display on the graph.
max
string
Specifies the maximum value to show on the y-axis. It takes a number, or auto for default behavior.
min
string
Specifies minimum value to show on the y-axis. It takes a number, or auto for default behavior.
scale
string
Specifies the scale type. Possible values are linear or log.
{
"legend_size": "string",
"markers": [
{
"display_type": "error dashed",
"label": "Error threshold",
"time": "string",
"value": "y = 15"
}
],
"requests": [
{
"apm_query": {
"compute": {
"aggregation": "avg",
"facet": "@duration",
"interval": 5000
},
"group_by": [
{
"facet": "resource_name",
"limit": 50,
"sort": {
"aggregation": "avg",
"facet": "@string_query.interval",
"order": "desc"
}
}
],
"index": "days-3,days-7",
"multi_compute": [
{
"aggregation": "avg",
"facet": "@duration",
"interval": 5000
}
],
"search": {
"query": ""
}
},
"event_query": {
"compute": {
"aggregation": "avg",
"facet": "@duration",
"interval": 5000
},
"group_by": [
{
"facet": "resource_name",
"limit": 50,
"sort": {
"aggregation": "avg",
"facet": "@string_query.interval",
"order": "desc"
}
}
],
"index": "days-3,days-7",
"multi_compute": [
{
"aggregation": "avg",
"facet": "@duration",
"interval": 5000
}
],
"search": {
"query": ""
}
},
"log_query": {
"compute": {
"aggregation": "avg",
"facet": "@duration",
"interval": 5000
},
"group_by": [
{
"facet": "resource_name",
"limit": 50,
"sort": {
"aggregation": "avg",
"facet": "@string_query.interval",
"order": "desc"
}
}
],
"index": "days-3,days-7",
"multi_compute": [
{
"aggregation": "avg",
"facet": "@duration",
"interval": 5000
}
],
"search": {
"query": ""
}
},
"network_query": {
"compute": {
"aggregation": "avg",
"facet": "@duration",
"interval": 5000
},
"group_by": [
{
"facet": "resource_name",
"limit": 50,
"sort": {
"aggregation": "avg",
"facet": "@string_query.interval",
"order": "desc"
}
}
],
"index": "days-3,days-7",
"multi_compute": [
{
"aggregation": "avg",
"facet": "@duration",
"interval": 5000
}
],
"search": {
"query": ""
}
},
"process_query": {
"filter_by": [],
"limit": "integer",
"metric": "",
"search_by": "string"
},
"profile_metrics_query": {
"compute": {
"aggregation": "avg",
"facet": "@duration",
"interval": 5000
},
"group_by": [
{
"facet": "resource_name",
"limit": 50,
"sort": {
"aggregation": "avg",
"facet": "@string_query.interval",
"order": "desc"
}
}
],
"index": "days-3,days-7",
"multi_compute": [
{
"aggregation": "avg",
"facet": "@duration",
"interval": 5000
}
],
"search": {
"query": ""
}
},
"q": "host:X tags:Y",
"rum_query": {
"compute": {
"aggregation": "avg",
"facet": "@duration",
"interval": 5000
},
"group_by": [
{
"facet": "resource_name",
"limit": 50,
"sort": {
"aggregation": "avg",
"facet": "@string_query.interval",
"order": "desc"
}
}
],
"index": "days-3,days-7",
"multi_compute": [
{
"aggregation": "avg",
"facet": "@duration",
"interval": 5000
}
],
"search": {
"query": ""
}
},
"security_query": {
"compute": {
"aggregation": "avg",
"facet": "@duration",
"interval": 5000
},
"group_by": [
{
"facet": "resource_name",
"limit": 50,
"sort": {
"aggregation": "avg",
"facet": "@string_query.interval",
"order": "desc"
}
}
],
"index": "days-3,days-7",
"multi_compute": [
{
"aggregation": "avg",
"facet": "@duration",
"interval": 5000
}
],
"search": {
"query": ""
}
},
"style": {
"palette": "string"
}
}
],
"show_legend": false,
"time": {
"live_span": "string"
},
"title": "string",
"title_align": "string",
"title_size": "string",
"type": "distribution",
"xaxis": {
"include_zero": false,
"max": "string",
"min": "string",
"scale": "string"
},
"yaxis": {
"include_zero": false,
"label": "string",
"max": "string",
"min": "string",
"scale": "string"
}
}Additional helpful documentation, links, and articles:
