Forum Discussion
Monthly incident bar graph
Hello, I'm trying to create a bar graph for total number of incidents that were generated in the last 6 months. Something like the attached image. Is it possible to create that in sentinel? T...
SecurityIncident // get logs for previous n months | where TimeGenerated between(startofmonth(now(),-7) ..endofmonth(endofmonth(now(),-1)) ) | extend yy = datepart("Year", TimeGenerated) | extend mm = datepart("Month", TimeGenerated) | summarize count() by month=bin(datepart("Month", TimeGenerated), 1), tostring(yy), mm // format month so we can sort it | extend month = case(month==1,strcat('Jan/',yy),month==2,strcat('Feb/',yy),month==3, strcat('Mar/',yy),month==4,strcat('Apr/',yy),month==5,strcat('May/',yy),month==6,strcat('Jun/',yy),month==7, strcat('Jul/',yy),month==8,strcat('Aug/',yy),month==9,strcat('Sep/',yy),month==10,strcat('Oct/',yy),month==11,strcat('Nov/',yy),month==12,strcat('Dec/',yy),"error") | order by yy asc, mm asc | project-away yy,mm | render columnchart title='Incident by Month'
This is wonderful! Now I was wondering is there a way to add a line graph on top of this graph? The current bar graph is incidents. The line graph would be escalations to a certain user/group.
not possible as far as I know
