Recent blog posts

How do you encode hundreds of data points into one single graph? Use Sparklines.

By Raffael Marty  Add a new comment

November 30, 2008, 5:13 PM Have you tried to visualize your traffic flows? Did you have the problem that your graphs got really cluttered? Did you find a way around that problem? Did you filter data? Did you aggregate multiple nodes into one?

Aggregation and filtering are two of the steps that can be used to reduce the number of data points in a graph. Oftentimes that is very useful. Other times the reduced amount of information is not desirable. In those cases, you need to switch your graph type and use something that can encode more information. One such graph type is Sparklines.

"Sparklines are data-intense, design-simple, word-sized graphics". [Edward Tufte (2006). Beautiful Evidence. Graphics Press. ISBN 0961392177]

The following is a sample Sparkline:

You can see that there are no units shown at all. They are not of interest. It's the general development of the measure that is of interest. Generally the y-axis (horizontally) shows time. That way you see the development over time of your desired measure. An example would be a stock price. You can see how a specific stock - or a market - developed over time. You are interested not necessarily in the absolute stock value, but in the development over a fixed time period. If you do this for multiple stocks, you can compare them very nicely due to the fact that the prices are normalized.

I am using Sparklines to analyze various types of log files. For example, to monitor host configurations, such as the number of processes running on my servers or the number of open ports. For this post, I am going to stick to an easier example. I am going to analyze the number of flows captured via a traffic flow log.

The graph shows - over time - which IP addresses and what services have been active. There are many many things you can see in this visualization. You can find patterns that repeat for a set of IP addresses, patterns that show up for pairs of sources and destinations or destinations and ports. You can see periodic behavior and gaps or spikes in such.

The graph is even more insightful if you know more about the environment. For example, if you knew the IP addresses of the DNS servers in this network you could draw certain conclusions. You might find policy violations or mis-configurations in this graph. Maybe you find suspicious activity or machines on the network that should not be there.

To generate your own Sparklines, I recommend the JavaScript Sparklines implementation from Gareth Wattts.

    Add a comment

    Post a comment using one of these accounts
    Or join now
    At least 6 characters

    Note: Comment will appear soon after you have activated your account.
    Obscene/spam comments will be removed and accounts suspended.
    The information you submit is subject to our Privacy Policy and Terms of Service.

    ITworld LIVE

    SecurityWhite Papers & Webcasts

    White Paper

    Cloud Security Vendor Round Table

    This vendor round table guide will help you to evaluate different cloud technology vendors and service providers based on a series of questions posed to three cloud infrastructure providers, three managed or hosted infrastructure providers, and three cloud technology providers. Compare their answers to questions on data protection, compliance, ROI and more.

    White Paper

    Cloud Security Planning Guide

    Cloud security considerations span protecting hardware and platform technologies in the data center to enabling regulatory compliance and defending cloud access through different endpoints. This guide provides recommendations for strengthening data, identity, and platform protection and will also walk you through seven key steps to plan your cloud security strategy from the ground up.

    White Paper

    Planning Guide - Technology for Tomorrow's Cloud

    This cloud planning guide will introduce you to data center technologies that address challenges of networking, storage, security, and power management. It's based on Intel's experience working with IT managers, cloud providers, and security and power management vendors-as well as the experience Intel has gained building and deploying its own cloud technology.

    White Paper

    Cloud Security Insights for IT Strategic Planning

    The survey results of 200 IT professionals highlights the key business and technology drivers behind implementation plans, the importance of security, and the level of investment in security required. This benchmark data can be used for your own cloud security planning.

    White Paper

    Expert Guide to Secure Your Active Directory

    Layered security is the way to go when it comes to protecting Active Directory. This expert e-guide explains the best method to use when planning and designing a security solution. Find out why it is important to secure Group Policy settings and discover how managed service accounts boost server security in R2.

    See more White Papers | Webcasts

    Answers - Powered by ITworld

    ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

    Join Now

    New questions

    Is number of Facebook LIKEs are important for online business success?
    1 answer
    Which is the best VPS hosting company In India?
    0 answers
    How can I convert pdf files to Word format?
    3 answers
    How important is a Klout score during a job search?
    2 answers
    Is my phone hacked? I have a undeletable message in my inbox. It has no details of a sender and the message is blank. Is this a hack?
    1 answer
    View more questions

    Ask a question

    Join Now or Sign In to ask a question.
    Ask a Question