This parallel coordinates graph shows 412429 lines of one of my wallinfire.net access log with generated with Picviz svn. This is the first of a set of graphs which will derivate from this one. The most complete one.
To generate such a graph, simply use the apache-access2picviz Perl script available from trunk/tools. Then, use the heatline plugin to see line frequencies: the more green the line is, the lowest it appears. When a line is in red, it means it comes often. This way you can easily see if an event is regular or not. To generate this image, you can type: pcv -Tpngcairo access.pcv -Rheatline -Avirus -rra > accesslogs.png
First axis = Time (24 hour) with 00:00 at the bottom and 23:59 on the very top.
Second axis = Source IP with 0.0.0.0 at the bottom and 255.255.255.255 on the very top.
Third axis = HTTP request type.
Fourth = Request
Tomorrow, I will post a filtered graph, on the request axis to see what are the IP addresses that are doing abnormal requests.
Picviz is available as free software on http://www.wallinfire.net/picviz