v1.2.0
Visit the Brim Data download page page to find the package for your platform.
Improved Tabs
This change is relevant for users that have have additional Zed lake connections besides just the one to the default lake that starts behind Zui. You'll notice that now each time you switch connections Zui updates the tabs so only the ones for the current-selected lake are shown.
Generalized Stacked Bar Chart
If you're familiar with Zui's history, you may know that its stacked bar chart was based on Zeek-style data such that it was hard-coded to expect a time field called ts
that would provide data for its X-axis and a field called _path
that was subject to count() by
to make the colored segments in the bars. With this release the chart is now generalized so that:
- Any time field can be specified (and if you've configured a pool key other than
ts
, it will start out using that) count() by typeof(this)
now populates the stacked bars by default, but you can change this to use any other field- If a pool is created from an imported pcap,
ts
and_path
are used by default as before - You can also now toggle the chart off/on and resize it
For an example of the new behavior in action, this video uses the prs.zng
GitHub test data from the zq
tutorial. This has a time field called created_at
so we use it as our pool key, then after observing the bars with the default count() by typeof(this)
we change the Color Field setting to login.user
so we can see stacked bars based on who opened Pull Requests. Try it yourself!
Other Changes
- Update Zed to v1.9.0
- Update Brimcap to v1.5.1
- The stacked bar chart is now generalized for any time-based data (not just Zeek-like with
_path
&ts
fields) (#2785, #2794, #2805) - The stacked bar chart is now resizable and can be toggled off/on (#2806, #2810)
- A single Zui window now shows tabs only for the currently selected Zed lake connection (#2797)
- Fix an issue where attempting to save a Zed query that contained a parse error caused a stack dump (#2803)
- Fix an issue where a table of results was sometimes rendered with blank rows (#2813)
- Fix an issue where comments at the end of a Zed program caused the queries that populate the stacked bar chart to fail (#2822)