In AMP, go to the Log Search screen.
Click on Visualizations.
Click the Create new visualization button.
In the New Visualization pop up, select the Vertical Bar visualization option.
Choose a source.
In sources select <PARTNER_ACCT_ID>_<CUSTOMER_ACCT>_customer.
Partner accountId may be 1 or another number. Select the source matching the account number in the top right corner of the AMP page or listed on the Account page followed by “_customer”.
Log Search will refresh to display the query screen. From here, the visualization can be configured.
Follow the documentation to add a filter for the reportId before moving to the next step.
Two additional filters are going to be applied to this visualization:
Click on Add filter
Set the first filter up to look like the below and click Save.
Next hit the Add filter button again and set it up to look like the below and Save it.
Under Metrics this should already be set to Y-axis Count. No change is needed.
Two buckets are needed to configure this visualization. Under Buckets, click the Add button, making sure to select X-axis.
In the Aggregation drop down, select Date Histogram.
In the Field box, enter “@timestamp” or search for it.
For minimum interval select 3 hours or type in “3h”.
Order by, Order and Size should all remain with their default values. Properly configured, the first bucket will look like the screenshot below:
To add the second bucket, click the Add button underneath Buckets, making sure to select split series.
In the Sub aggregation dropdown, select Terms.
In the Field, enter “rule.Ctrl_Obj” and select it.
Order by, Order and Size will be set to default. Properly configured, the second bucket will look like the screenshot below:
When both buckets are configured, click the Apply Changes button.
Set the date range for the visualization.
If the range encompasses more than one report, an additional filter with the report id can be added to narrow down the results if desired.
Save the visualization by clicking Save in the top left of the screen.