Search, chart, and report examples

Let's explore some other search examples, work with chart visualizations, and save the searches as reports.

Example: Compare counts of user actions

In this example you will calculate information about the actions customers have taken on the online store website.

• The number of times each product is viewed
• The number of times each product is added to the cart
• The number of times each product is purchased

Prerequisite
This example uses the productName field from the prices_lookup that you created in the Enabling field lookups section in this tutorial. You must complete all of those steps in that section before continuing with this example.

Steps

1. Start a new search.
2. Set the time range to All time.
3. Run the following search.

   sourcetype=access_* status=200 | chart count AS views count(eval(action="addtocart")) AS addtocart count(eval(action="purchase")) AS purchases by productName | rename productName AS "Product Name", views AS "Views", addtocart AS "Adds to Cart", purchases AS "Purchases"

   This search uses the chart command to count the number of events that are action=purchase and action=addtocart. The search then uses the rename command to rename the fields that appear in the results.

   The chart command is a transforming command. The results of the search appear on the Statistics tab.

   

4. Click the Visualization tab. The search results appear in a Pie chart.
5. Change the display to a Column chart.

   

Example: Overlay Actions and Conversion Rates on one chart

In this example, you will use the stats command to count the user actions. The eval command is used to calculate the conversion rates for those actions. For example, how often someone who viewed a product added the product to their cart.

Prerequisite
This example uses the productName field from the prices_lookup that you created in the Enabling field lookups section of this tutorial. You must complete all of those steps in that section before continuing with this example.

Steps

1. Start a new search.
2. Change the time range to All time.
3. Run the following search.

   sourcetype=access_* status=200 | stats count AS views count(eval(action="addtocart")) AS addtocart count(eval(action="purchase")) AS purchases by productName | eval viewsToPurchases=(purchases/views)*100 | eval cartToPurchases=(purchases/addtocart)*100 | table productName views addtocart purchases viewsToPurchases cartToPurchases | rename productName AS "Product Name", views AS "Views", addtocart as "Adds To Cart", purchases AS "Purchases"

   The eval command is used to define two new fields. These fields contain the conversion rates.

   • The viewToPurchases field calculates the number of customers who viewed the product to the number of customers who purchased the product. The calculation returns a percentage.
   • The cartToPurchases field calculates the number of customers who added the product to their cart to the number of customers who purchased the product. The calculation returns a percentage.

   

   The next few steps reformat the chart visualization to overlay the two data series for the conversion rates, onto the three data series for the actions.

4. Click the Visualization tab.

   This is the same chart as in Example 1, with two additional data series, viewsToPurchase and cartToPurchase.

   

5. Click Format and X-Axis.

   Because the labels on the X-Axis are difficult to read, let's fix that.

   

   1. Rotate the label -45 degrees.
   2. Close the Format dialog box.

      Notice the change in the labels on the X-Axis. Look at the numbers on the Y-Axis. They range from 1000 to 3000.

6. Click Format and Y-Axis.

   To make the chart easier to read, add a label and specify different number intervals on the Y-Axis.

   1. For Title, choose Custom and type Actions.
   2. For Interval type 500.
   3. For Max Value type 2500.

      

   4. Close the Format dialog box. Notice the label and values on the Y-Axis.
7. Click Format and Chart Overlay.

   To separate the actions (views, adds to cart, and purchases) from the conversion rates (viewToPurchases and cartToPurchases), you can overly one set of values over another set. In this example you will overlay the conversion rates over the actions.

   1. For Overlay, click inside the box and select viewsToPurchase. Click inside the box again and select cartToPurchase.
   2. For View as Axis, click On.
   3. For Title, choose Custom

      

   4. Type Conversion Rates.
   5. For Scale, click Linear.
   6. For the Interval type 20. For the Max Value type 100.

      

      The axis on the right side of the chart is called the second Y-Axis. The label and values for the line series appear on this axis.

8. Click Save As and select Report.

   

   1. In the Save Report As dialog box, for Title type Comparison of Actions and Conversion Rates by Product.
   2. For Description, type The number of times a product is viewed, added to cart, and purchased and the rates of purchases from these actions.
9. Click Save
10. In the confirmation dialog box, click View.

    

Example: Products purchased over time

Create a report that charts the number of purchases that were completed for each item in the last week.

Prerequisite
This example uses the productName field from the prices_lookup that you created in the Enabling field lookups section of this tutorial. You must complete all of those steps in that section before continuing with this example.

Steps

1. Start a new search.
2. Change the time range to Previous week.
3. Run the following search.

   sourcetype=access_* | timechart count(eval(action="purchase")) by productName usenull=f useother=f

   This search uses the count() function to count the number of events that have the field action=purchase.

   The search also uses the usenull and useother arguments to ensure that the timechart command only counts events that have a value for productName.

   The following table appears on the Statistics tab.

   

4. Click the Visualization tab.
5. Change the chart type to a Line chart.
6. In the Format drop-down list, format the X-Axis, Y-Axis, and Legend using the settings in the following table.

   Chart changes	Setting or value
   Chart type	Line
   X-Axis CustomTitle	Date
   X-Axis Labels	-45 degree angle
   Y-Axis Custom Title	Purchases
   Y-Axis Interval	10
   Legend Position	Top

   The following image shows the updated chart.

   

7. Click Save As and select Report.

   

   1. In the Save Report As dialog box, for Title type Product Purchases over Time.
   2. For Description, type The number of purchases for each product.
   3. For Content, select Line Chart and Statistics Table.
   4. For Time Range Picker, keep the default setting Yes.
8. Click Save.
9. In the confirmation dialog box, click View to see the report.

   

Example: Purchasing trends

This example uses sparkline charts to show trends in the number of purchases made over time.

Sparklines are inline charts that appear in the search results table and are designed to display time-based trends associated with the primary key of each row. For searches that use the stats and chart commands, you can add sparkline charts to the results tables.

Prerequisite
This example uses the productName field from the prices_lookup that you created in the Enabling field lookups section in this tutorial. You must complete all of those steps before continuing with this example.

Steps

1. Start a new search.
2. Change the time range to All time.
3. Run the following search.

   sourcetype=access_* status=200 action=purchase| chart sparkline(count) AS "Purchases Trend" count AS Total by categoryId | rename categoryId AS "Category"

   This search uses the chart command to count the number of purchases by using action="purchase". The search specifies the purchases made for each product by using categoryId. The difference is that the count of purchases is now an argument of the sparkline() function.

   

4. Click Save As and select Report.
5. In the Save Report As dialog box, for Title type Purchasing trends.
6. For Description, type Count of purchases with trending.

   

7. Click Save.
8. In the confirmation dialog box, click View.

   

Next step

This completes Part 6 of the Search Tutorial.

Up to now, you have saved searches as Reports. Continue to Part 7: Creating dashboards, where you learn how to save searches and reports as dashboard panels.

See also

chart command in the Search Reference
Transforming commands in the Search Manual
Add sparklines to your search results in the Search Manual