Hello
In the search below:
index=_audit action=alert_fired ss_app=app_name
| eval alert_severity = case (severity==1,"Information",severity==2,"Low", severity==3,"Medium",severity==4,"High",severity==5,"Critical")
| fields _time ss_name severity trigger_time alert_severity
| stats earliest(trigger_time) as min_time, latest(trigger_time) as max_time, sparkline(count) as Spark_line, count by ss_name alert_severity
| eval min_time = strftime(min_time, "%Y-%m-%d %H:%M:%S")
| eval max_time = strftime(max_time, "%Y-%m-%d %H:%M:%S")
| table ss_name, min_time, max_time, count, alert_severity, Spark_line
| rename ss_name as "Alert Name" min_time as "Start Time" max_time as "End Time" count as "Number of Alerts" alert_severity as "Criticality"
The sparkline produced is correct in count (image001.png) and presentation, but it is shrunk to a very small size and does not look good.
So I tried to change from:
sparkline(count) as Spark_line -> sparkline(count,30m) as Spark_line
This time the layout is much better and the result is OK (image002.png), but the graphic presentation (points) is wrong.
How can I get the right graphical presentation while keeping the sparkline wide enough?
Best regards
Altin
Hi
Is there anyone that can advise?
Regards
Altin