# Timeseries Visualization When the ***Timeseries*** visualization type is chosen, the **Total Events** section below represents a graph with a sequence of vertical bars collected over the same periods of time (where the time interval for each column is defined by the [Time Range](https://docs.edgeport.com/product-docs/service-menu/logs/time-range) option in the top right corner of the *Logs* panel).

{% hint style="info" %} For now, this visualization type is available for ***Delivery*** events only. It will be expanded to cover other event types in the upcoming releases. To get more space for investigating this graph, use the ***Options > Service Time*** switch in the top right corner to conceal the upper plot. {% endhint %} This data representation mode provides extended capabilities for intricate data analysis by means of advanced grouping options that appear under the visualization selection row upon choosing this display type.

There are 2 types of data management controls here: * **Group into** - defines the entity by which the data should be grouped (currently, only the *fields* selection is available here; advancement is coming soon) * **Show** - grouping parameters of the following structure: * ***Count unique*** - an expandable list, with the ability to choose an item or attribute that will be tallied uniquely within the given data set: * *client\_ip* - to count unique IPs the requests came from * *client\_city* - to count specific locations the requests came from * *client\_country\_code* - to count distinct countries the requests came from * *cache\_status* - to count particular requests’ cache statuses (TCP\_HIT, TCP\_MISS, CONFIG\_NOCACHE, etc) * *client\_as\_org* - to count unique networks or organizations the requests came from * *client\_isp* - to count unique Internet Service Providers the requests came from * *user\_agent* - to count unique User-Agent request headers * *host* - to count unique requested application hostnames * *method* - to count request methods (GET, POST, HEAD, etc) * *path* - to count requested application assets * *pop* - to count ADN/CDN points of presence the requests were delivered from * ***by*** - defines the parameter for grouping the events sorted upon the *Count unique* condition; the given list of options includes all the items mentioned above plus a set of additional ones as follows: * *client\_asn* - to group requests by the network’s or organization’s Autonomous System Number (ASN) * *status\_code* - to group requests by the request status code (200, 201, 202, etc) * *waf\_audit\_alert* - to group requests by true/false value of the boolean that indicates triggering of the WAF Audit mode alert * *waf\_prod\_action* - to group requests by true/false value of the boolean that indicates triggering of the WAF Block mode alert for production profiles * *waf\_prod\_alert* - to group requests by true/false value of the boolean that indicates triggering of the WAF Audit mode alert for production profiles * *rl\_alert* - to group requests by true/false value of the boolean that indicates triggering of the Rare Limiting alert You can add as many additional ***by*** parameters as you need to. Also, by using a separate ***limit to*** control on the right, you can define the number of groups to display - either *top 10*, *top 20*, or *top 50* - ranged based on the number of included results.

After applying all desired grouping filters, data within the graph columns is aggregated accordingly. Each group within a column is represented by a distinct color, with a corresponding color legend listed below the graph for clarity.

Hover over any of the colored groups within a column to view information about its label (i.e. the last ***by*** parameter value) and the number of records included based on your set grouping filters. Additionally, hovering over a particular color block within the legend will highlight all the corresponding color sections on the graph.