Activeboards Fundamentals - Exercise 3.4 - Donut/Pie widget (II)

Arcadia is truly concerned about trojans. One of their points of defense is a McAfee antivirus ecosystem that logs its data into the av.mcafee.epo.threat data table.

As usual, spend some time to get to know this source.

Trojans come in many sizes and shapes, so our objective is to check and plot different trojan activity.

• Open the av.mcafee.epo.threat data table.
• Go to the threatType field and get rid of everything but trojans. We want to focus just on trojans.
• Hover over the the threatName field. You should see a relatively small number of distinct values. That is, we have plenty of trojan activity but only a handful of distinct types of trojans.
• Now, what type of widget could be appropriate for plotting this kind of information? Donut and pie chart widgets excel at representing proportions over a finite set of possible values. 
• But we are not ready to work with activeboards yet. It’s best practice to include aggregations in the query for widgets, and we have barely started the filtering phase.
• Instead of getting the total trojan activity, we want to exclude the three biggest hosts, as those are maintained by other team. They are “ts-server01”, “ts-server01”, and “ts-server01” and are logged in the analyzerHostname field. You may use an OR filter for that.

  

• We are ready for the grouping. Group by threatName every hour.
• Lastly, perform a count aggregation.

We are ready for the activeboard phase.

• Add a donut/pie chart widget to your activeboard.
• Set the time range to include the last week.
• Enter the query and save the changes.

Still here?

Let’s do an extra step. Even though we took some measures to have a reduced number of values in order to have a chart that was easy to read, we might still need to go full screen or resize the chart.

Instead of that, open the properties of the widget, click on the visual tab, and locate the Limit slices setting. Set it to 10.