Here is a quick sample query and visualization instructions
Here is a great query to get started with: Looking for firmware upgrades and counting destination IPs associated from your syslog data:
tag=syslog grep *.upg*
| regex "Dest_IP=(?P<query>[0-9\.]+)”
| count by query
| chart count by query
By using chart in the query we then have a few different types of charts to select from to help clearly visualize the data.
With a query like above something like a pie chart might look nice. You can change the chart to a pie chart by selecting the little “gear” icon in the chart window, and selecting the pie chart renderer from there: