Skip to content
Open in ChatGPT Open in Claude

Overview tab for logs

The Overview tab in Explore turns the logs returned by your query into a sortable, aggregated view — top contributors, distributions, and bar or pie visualizations — so you can see where the load is concentrated without rebuilding the query as a chart. The Logs and Templates tabs sit alongside it for raw events and shared-message grouping.

Explore result panel with the Overview tab selected

For the spans equivalent, see Overview tab for spans.

When to use the Overview tab

Use the Overview tab when you want the shape of your log data, not the events themselves:

  • Find the heaviest contributors. Rank applications by error count, subsystems by log volume, or hosts by severity mix.
  • Find the low end of the distribution. Order ascending with a small limit to surface low-volume subsystems that may have stopped reporting.
  • See the distribution at a glance. A pie or bar visualization makes it easy to tell which severity, application, or subsystem dominates.

How the Overview tab populates

The Overview tab is driven by the same Grouped by and Aggregation clauses you set in Query Builder:

  • In Builder mode, apply a Grouped by or an Aggregation clause and Explore moves you to the Overview tab automatically — the aggregated shape is what you came for, so it leads.
  • Clear the Grouped by and Aggregation clauses, and the Logs tab takes the lead again.
  • For queries with no time bucketing, the Overview tab shows a count by default even before you add an aggregation, so you always see something useful when you land there.

Order by and Limit

The Order by and Limit chips in the Query Builder only affect the Overview tab. They never reshape the Logs or Templates tabs.

  • Order descending to surface the busiest groups — top error counts, top log volume, top severity mix.
  • Order ascending with a small limit to find the quiet outliers. For example, group by coralogix.metadata.applicationName, aggregate count(), set order by to ascending, and set the limit to 10 — the lowest-volume applications surface at the top of the table.
  • The default limit is 100. Lower it to focus on the leaders; raise it when you need the full distribution.

Visualizations

The Overview tab includes bar and pie visualizations that share the chart legend's data, presented so you can rank, filter, and drill into it.

Visualizations apply to non-time-bucketed groupings — for example, a count grouped by coralogix.metadata.severity. Time-bucketed series stay in the time-series chart above the result panel.

Use the Visualize as dropdown in the Overview tab's result toolbar to switch between Table, Horizontal bar, Vertical bar, and Pie chart. The dropdown is disabled until you submit a query with a Grouped by clause — the tooltip on the disabled control reads Use Group By in the Builder to unlock additional visualizations. When the query no longer supports charts (for example, after clearing Grouped by), the visualization falls back to Table.

Choose a visualization type

The Visualize as dropdown toggles between four chart types. The default view is Table.

Table

Displays grouped query results as rows and columns. Use the table to:

  • Sort, scan, and compare values across groups.
  • Drill into a specific group to view its underlying logs.
  • Read aggregated values precisely, without inferring them from a chart.

Vertical bar

Displays values as vertical bars along a categorical axis. Use vertical bars to:

  • Compare discrete values across groups (for example, error count by application).
  • Spot peaks at a glance.
  • View stacked or grouped breakdowns when multiple groupings are applied.

Horizontal bar

Displays values as horizontal bars, with categories on the vertical axis. Use horizontal bars to:

  • Rank categories by value (for example, top subsystems by log count).
  • Compare named groups where labels are long or numerous.
  • Present leaderboard-style views of aggregated data.

Pie chart

Displays values as wedges of a circle, proportional to their share of the total. Use a pie chart to:

  • See the distribution of a small set of groups at a glance.
  • Communicate share-of-total at a quick scan.
  • Compare two or three dominant groups against the rest.

Interact with the chart

All chart visualizations in the Overview tab are interactive. Use them to drill down, refine your query, or pivot your investigation.

Drill down into a data point

Select any bar, slice, or row to open a context menu. Select Drilldown to view the underlying logs that contributed to the selected value — useful for investigating the data behind a spike or outlier.

Filter values from a chart

Select a chart element to open a context menu with field-level actions:

  • Filter row: narrow results to those in the selected row.
  • Include in query: add the value as a filter on the current query.
  • Exclude from query: add the value as an exclusion filter on the current query.
  • Copy value, Copy key, Copy query: copy the data point value, field key, or the full query to the clipboard.

Refine your investigation directly from the visualization without manually editing the query.

The Logs and Templates tabs

The Logs and Templates tabs share the same result panel and respond to the same dataset and time range, but they answer different questions:

  • Logs: every raw log the query matched, up to the result cap, in your configured columns. Use it to inspect specific events, walk forward and back in time, or export rows.
  • Templates: high-volume logs grouped by shared message structure. Use it to find new, rare, or recurring patterns when scanning raw records is impractical. See Templates for the full feature.

Switching tabs preserves your query, filters, and time range — only the way the result is presented changes.

Next steps

Group high-volume logs by shared message patterns with Templates.

Need help? Contact Support.
What's new? Find out here.
LLM? Read llms.txt.
Previous Log details panel
Next Templates