Performing complex scenario analysis using the aggregation widget - Security Center 5.10

You can perform complex scenario analysis on records registered with the Record Fusion Service using the Aggregation widget in the Dashboards task. With this widget, you can easily drill down large amounts of data to discover new information.

1. Create a dashboard.
2. Drag the Aggregation widget to the dashboard.
3. Move the widget into position and resize as needed.
4. In the widget-specific options, select the Aggregation options.

   Operation

   Select the aggregation function you want to apply on the selected field for records matching the specified filter criteria. The aggregation functions are: Count, Count distinct, Average, Maximum, Minimum, Standard deviation, Sum, Variance, and Median.

   Apply over

   Select the field on which you want to apply the aggregation function. You can either select a field assigned to one of the standard functions: ID, Time, Latitude, Longitude, or select a field by name.

   To select a field by name, click Custom, then click , and then select the field you want from the list.

   Group by

   You can optionally group the aggregation results by the value of another field. You have the following grouping options:

   Timestamp

   If all your record types have a Timestamp field, you can group the results by year, month, day of the week, hour of the day, or minute of the hour. If one of the record types you selected lacks the Timestamp field, that record type is excluded from the results.

   Record type

   If you are reporting on multiple record types, you can group by record type.

   Role

   If you have more than one record provider in your system, you can opt to group your results by role. The roles that can act as record providers are the Record Caching Service roles, the Map Manager role, and the Plugin roles.

   Custom

   You can use any field that is common to all your selected record types for grouping. To select a field, click Custom, then click , and then select the field you want from the list.

5. Select the record types you want to analyze.
   1. In the Record types section, click Add and item ().
   2. Select the record types you want and click OK.
   Ensure that all the record types you select have the fields used for aggregation and grouping.
6. (Optional) Add filters for the records you want to analyze.
   You can set three types of filters:

   Time range

   Include only records falling within a specified time range. You can set this filter if all selected record types have the Timestamp field.

   Location

   Include or exclude records found within the boundaries of regions drawn on the map as polygons. You can set this filter if all selected record types are georeferenced.

   Conditions

   Include only records that meet certain conditions. These conditions can be based on any record fields.

   To learn how to set up the record filters, see Using correlation to derive useful intelligence.

   NOTE: If a filter or a condition does not apply to a record type, it is ignored for that record type.
7. Click Rendered as and select the type of chart you want.
   You can choose from the following types:

   • Columns (default)
   • Doughnut
   • Stacked columns
   • Lines
   • Pie
   • Rows
   • Stacked rows
8. To give a title to your chart, turn Show title on and set the Title.
9. To change the background color, click Background and select a color.
10. To force the widget to refresh at regular interval, turn Auto refresh on and set the refresh interval.
11. Click Done.
12. Click Show in records report to open the Records task to display a report using the same record types and filters.
    The aggregation function is not applied by the Records report, therefore, you might get a large number of records back. If the number of results exceeds the maximum allowed, you get a warning message.

    

    Tip: You can change the Maximum number of results that the Records task can return in the Performance page of the Options dialog box.

Example

Suppose you have three record types defined as follows:

Arrests

Arrest date, Last name, First name, Age, Sex, Crime type, Race, and so on.

Gun offenders

Report date, Last name, First name, Age, Sex, and so on.

Sex offenders

Report date, Last name, First name, Age, Sex, and so on.

To create a chart that shows the average monthly offenders age by category, meaning by record type, select the Average operation, apply it to the Age field, and group the results by Record type.

In the Record types section, add the record types Arrests, Gun offenders, and Sex offenders.

In the Time range section, select During the last 1 month.

Scroll to the bottom of the Aggregation settings, configure the Title, the Background color, and the Auto refresh option of the widget, and then click Done.

To change the type of chart, click Edit dashboard and then click your widget. Click Rendered as, select the type of chart, and then click Done.

The Rows chart is like the Columns chart rotated 90 degrees. However, the results are displayed with greater precision.

Click a result legend to temporarily hide it from the chart.

Click to restore all results.

If you choose the Pie chart, the percentage of records in each category is also indicated.

If you choose the Doughnut chart, the sum of the results is also displayed in the center.

To drill down, right-click a result on the chart and select how you want to further explore that result. In our current example, you can right-click the purple section (Arrests), and select CrimeType to view the breakdown of arrests by crime type.

The result is a new chart showing the distribution of all arrests by crime type. You can scroll down to see all crime types.

You can further drill down by clicking the turquoise section ("M" for murder) and selecting Race. The result is a breakdown of all murders by race. Scroll down to see all the categories.

As you drill down, the widget leaves a bread-crumb. Click any bread crumb to go back to that step.

Click Show in records report to view the current results in the Reports task.

Click Start to view the original chart without loosing your drill-down steps.

Click to clear all drill-down steps.