Node-Link Graph Widgets

The Node-Link graph widget allows you to visualize relationships, patterns, and abnormalities present in log data. These relationships include, but are not limited to, network traffic between a source and destination host, and authentication between an origin user and a destination host.

The widget works in the following way:

  • By default, the number of nodes shown is 50. The more nodes you add, the more difficult it can become to work with the data in the widget.

    LogRhythm recommends having only one Node-Link graph widget per page.

  • By default, the most recent nodes appear. You can apply a filter, such as a time frame, in the Inspector panel to change this functionality.
  • When a node is a solid circle, it is a known entity and can be found in TrueIdentity. When the node is an empty circle, it is known.
  • In the Inspector panel, the colors assigned to logs do not indicate the type of log. 
  • The logs related to the nodes shown in the graph are available in the Analyzer grid.
  • Double-click a node to drill down in the data. The results open in an Analyze page.

To configure the Node-Link graph widget:

  1. Hover your mouse over the widget and click the Settings icon.
    A blue border appears around the widget and the Inspector panel opens on the right.
  2. Change any of the available options.
  3. Click the Save icon on the upper-right side of the page to save the modified widget to your dashboard layout.
  4. (Optional) Click the arrow to collapse the Inspector panel.

The Node Link Graph widget is NOT SUPPORTED in Internet Explorer at this time.

