Hunting down the threats in large volumes of data often requires analyzing trends and statistics. To speed up your work, we added the aggregation feature to create and view aggregations on your events.

On the event page, enable the aggregation view and select an aggregation method to compute a visualization on the results of any search query. The aggregated values will be displayed over time under the aggregation method you selected.

For this first beta version, we already support the following aggregation methods:

• Count : count events
• Cardinality: count the number of distinct values in a field
• Sum: sum the values of a field
• Min: the minimum value of a field
• Max: the maximum value of a field
• Average: the average value of a field