Users were not able to find the events they needed in the system log of an identity management platform. They were being forced to download their data and manipulate it in Excel. We wanted to fix this and to use our solution as the foundation for a new analytics product area.
I started by identifying the various user groups that utilize the logs, their use cases, and their pain points. The main use case was troubleshooting, and the main issues with troubleshooting were:
I made a simple looking interface that allows a user to easily search using any value, but also to construct complex custom queries on any field. Typeahead suggests values that exist in the data for each filter field as it's suggested. In addition, a user may, upon finding an event with a relevant value (the main way that users described finding relevant values to filter by), simply click the value to add a filter by that field and value. Histograms at the top show distribution of events across each value of the most important fields, making it easy to find patterns.
The query builder.
Individual events can be expanded to see all the data associated with them.
Queries can be saved to rerun at later times. A save button appears when a query is created or altered.
In addition to a tabular view, users may choose to visualize their data as a map or graph.