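I am trying to create a chart on Wazuh through a Vega visualization that lets me display two overlapping graphs. As input I get logs in which the date (date_id) is reported as a string in the format YYYY-MM-DD, and the integer month_total corresponds to the number of bans carried out each month on Telegram channels. My goal is to display an overlapping line graph of the monthly bans and a linear regression graph (for the same monthly bans), so as to understand the trend.
However, my problem is that I can build the two graphs individually, but I cannot get them to display overlapped. I guess the problem is that I am unable to use a single X axis with the same data format and range. In fact, as you can see from the photos below, if I use two different date formats, the graphs are at least displayed next to each other (but this is not what I want), whereas if I use the same format, the regression line prevails over the other graph, which is no longer displayed.
For example, in the last graph, I think the non-overlap problem is due to the fact that the regression line is actually made up of so many dates that they are also displayed graphically. In your opinion, is it possible to ask for only the two extremes of the regression line to be displayed, so that the X axis of the two graphs can be the same?
Or do you know of another method that allows this overlap? Thank you very much in advance for your help!
PS: Here is my Vega code: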
{
  $schema: https://vega.github.io/schema/vega-lite/v5.json
  description: Linear Regression Line Graph for Telegram ban
  data: {
    url: {
      index: wazuh-alerts-*
      body: {
        query: {
          bool: {
            must: [
              {
                match: {
                  data.last_day_of_month: "true"
                }
              }
              %dashboard_context-must_clause%
              {
                range: {
                  data._id: {
                    %timefilter%: true
                  }
                }
              }
            ]
          }
        }
        sort: [
          {
            data._id: {
              order: asc
            }
          }
        ]
        size: 10000
        _source: [
          data
        ]
      }
    }
    format: {
      property: hits.hits
    }
  }
  transform: [
    {
      calculate: datum._source.data._id
      as: date_id
    }
    {
      calculate: datum._source.data.month_total
      as: month_total
    }
    {
      filter: datum.date_id != null && datum.month_total != null
    }
  ]
  layer: [
    {
      mark: point
      encoding: {
        x: {
          field: date_id
          type: nominal
          //title: Data
          axis: {
            grid: true
          }
        }
        y: {
          field: month_total
          type: quantitative
        }
        tooltip: [
          {
            field: date_id
            type: nominal
            title: Data
          }
          {
            field: month_total
            type: quantitative
            title: Totale mese
          }
        ]
      }
    }
    {
      mark: line
      encoding: {
        x: {
          field: date_id
          type: nominal
        }
        y: {
          field: month_total
          type: quantitative
        }
        color: {
          value: red
        }
      }
    }
    {
      transform: [
        {
          calculate: utcParse(datum.date_id, '%Y-%m-%d')
          as: date
        }
        {
          regression: month_total
          on: date
          method: linear
        }
      ]
      mark: line
      encoding: {
        /*
        // Code used when the regression line uses the YYYY-MM-DD format and does not allow the display of the other graph
        x: {
          field: date
          type: temporal
          format: %Y-%m-%d
          scale: {
            type: utc
          }
          axis: {
            labelExpr: timeFormat(datum.value, '%Y-%m-%d')
          }
        }
        */
        x: {
          field: date
          type: nominal
        }
        y: {
          field: month_total
          type: quantitative
        }
        color: {
          value: blue
        }
        tooltip: [
          {
            field: date
            type: temporal
            format: %Y-%m-%d
            scale: {
              type: utc
            }
            title: Data
          }
          {
            field: month_total
            type: quantitative
            title: Totale mese
          }
        ]
      }
    }
  ]
}
Here is an example of an input log:
{
  "_index": "wazuh-alerts-4.x-2024.12.16",
  "_id": "xKZOz5MBNpnkM_7VuEE0",
  "_version": 1,
  "_score": 0,
  "_source": {
    "input": {
      "type": "log"
    },
    "timestamp": "2024-12-16T11:50:43.536+0000",
    "source": "wazuh",
    "@version": "1",
    "manager": {
      "name": "wazuh.manager"
    },
    "data": {
      "_id": "2016-12-31",
      "last_day_of_month": "true",
      "month_total": "2652",
      "banned_today": "110"
    },
    "location": "API-Webhook",
    "full_log": "Dec 16 12:50:43 kali telegram: {\"_id\": \"2016-12-31\", \"banned_today\": \"110\", \"month_total\": \"2652\", \"last_day_of_month\": true}",
    "predecoder": {
      "program_name": "telegram",
      "timestamp": "Dec 16 12:50:43",
      "hostname": "kali"
    },
    "rule": {
      "firedtimes": 2893,
      "level": 3,
      "description": "Scraper Telegram per ban giornalieri canali",
      "groups": [
        "telegram"
      ],
      "mail": false,
      "id": "100004"
    },
    "@timestamp": "2024-12-16T11:50:43.536Z",
    "agent": {
      "id": "000",
      "name": "wazuh.manager"
    },
    "id": "1734349843.963034",
    "decoder": {
      "name": "telegram"
    }
  },
  "fields": {
    "rule.id": [
      "100004"
    ],
    "source": [
      "wazuh"
    ],
    "full_log": [
      "Dec 16 12:50:43 kali telegram: {\"_id\": \"2016-12-31\", \"banned_today\": \"110\", \"month_total\": \"2652\", \"last_day_of_month\": true}"
    ],
    "data.month_total": [
      "2652"
    ],
    "manager.name": [
      "wazuh.manager"
    ],
    "predecoder.timestamp": [
      "Dec 16 12:50:43"
    ],
    "@version": [
      "1"
    ],
    "agent.name": [
      "wazuh.manager"
    ],
    "id": [
      "1734349843.963034"
    ],
    "data.banned_today": [
      "110"
    ],
    "timestamp": [
      "2024-12-16T11:50:43.536Z"
    ],
    "data.last_day_of_month": [
      "true"
    ],
    "predecoder.program_name": [
      "telegram"
    ],
    "data._id": [
      "2016-12-31"
    ],
    "predecoder.hostname": [
      "kali"
    ],
    "input.type": [
      "log"
    ],
    "rule.description": [
      "Scraper Telegram per ban giornalieri canali"
    ],
    "rule.mail": [
      false
    ],
    "@timestamp": [
      "2024-12-16T11:50:43.536Z"
    ],
    "agent.id": [
      "000"
    ],
    "decoder.name": [
      "telegram"
    ],
    "location": [
      "API-Webhook"
    ],
    "rule.firedtimes": [
      2893
    ],
    "rule.groups": [
      "telegram"
    ],
    "rule.level": [
      3
    ]
  }
}
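
An added example, not part of the original post: a layered Vega-Lite spec in which the date string is parsed once at the top level and both layers inherit a single temporal x encoding, so the monthly line and the regression line are drawn on the same axis. The inline `data.values` rows are constructed sample data standing in for the `wazuh-alerts-*` query, and the axis titles are assumptions.

```json
{
  "$schema": "https://vega.github.io/schema/vega-lite/v5.json",
  "description": "Added example with constructed sample data: monthly bans and linear trend on one shared temporal x-axis",
  "data": {
    "values": [
      {"date_id": "2016-10-31", "month_total": "2310"},
      {"date_id": "2016-11-30", "month_total": "2475"},
      {"date_id": "2016-12-31", "month_total": "2652"},
      {"date_id": "2017-01-31", "month_total": "2590"},
      {"date_id": "2017-02-28", "month_total": "2804"}
    ]
  },
  "transform": [
    {"calculate": "utcParse(datum.date_id, '%Y-%m-%d')", "as": "date"},
    {"calculate": "toNumber(datum.month_total)", "as": "month_total"},
    {"filter": "isValid(datum.date) && isValid(datum.month_total)"}
  ],
  "encoding": {
    "x": {
      "field": "date",
      "type": "temporal",
      "title": "Date",
      "scale": {"type": "utc"},
      "axis": {"format": "%Y-%m-%d", "grid": true}
    },
    "y": {
      "field": "month_total",
      "type": "quantitative",
      "title": "Bans per month"
    }
  },
  "layer": [
    {
      "mark": {"type": "line", "color": "red", "point": true}
    },
    {
      "transform": [
        {"regression": "month_total", "on": "date", "method": "linear"}
      ],
      "mark": {"type": "line", "color": "blue"}
    }
  ]
}
```

In a Wazuh dashboard, the `data.values` block would be replaced by the post's `url` query with `format.property: hits.hits`, and the two `calculate` expressions would read from `datum._source.data._id` and `datum._source.data.month_total`.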