Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
psniech
New Contributor

Created on ‎05-15-2024 02:49 AM

select *

why the formula that allows to get column's names from log:

 

select * from $log ....

 

doesn't work

 

 

 

Labels:
784
0 Kudos
2 Solutions
ozkanaltas
Valued Contributor III
In response to psniech

Created on ‎05-16-2024 06:44 AM

Hi @psniech ,

 

I know I also used that SQL query before on the previous version of FortiAnalyzer.

 

I think they forgot to update the training document. 

 

Actually, I understand why removed this SQL query. Because when you ran that query, FortiAnalyzer was fetching all logs from the log database. This actually means that it puts a load on the device. They have brought this convenience so that this query does not have to be run continuously.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

View solution in original post

If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
681
ozkanaltas
Valued Contributor III

Created on ‎05-16-2024 06:48 AM

In addition, As you can see these screens are from the oldest version of FortiAnalyzer.

 

Because of that, they need to update training documents. :) 

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW

View solution in original post

If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
679
0 Kudos
7 REPLIES 7
ozkanaltas
Valued Contributor III

Created on ‎05-15-2024 02:59 AM

Hello @psniech ,

 

Can you explain the issue few more words? 

 

You try to write datasets on FortiAnalyzer, right? If you say yes, can you share all SQL queries with us? 

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
772
psniech
New Contributor
In response to ozkanaltas

Created on ‎05-15-2024 03:02 AM

Sorry, it was a problem with the browser. Now is displaying properly column names. Problem solved.

768
0 Kudos
psniech
New Contributor
In response to ozkanaltas

Created on ‎05-15-2024 03:45 AM

Hi,

I was wrong. According to training materials formula:

select * from $log 

should display column names from relevant log. but as I can see it gives syntax error:

"Merge: please use specific columns instead of '*'

 

759
0 Kudos
ozkanaltas
Valued Contributor III
In response to psniech

Created on ‎05-15-2024 04:02 AM

Hello @psniech ,

 

If you move the mouse cursor to the "from $log" field, you can see the fields in the relevant database.

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
728
0 Kudos
psniech
New Contributor
In response to ozkanaltas

Created on ‎05-16-2024 06:38 AM

Hi,

I know that it works like you mentioned. But before it was also possible to use formula: select * from $log and it worked. I have such a formula in current version of training materials for FortiAnalyzer Analyst training, that's because I have posted this qestion.

683
0 Kudos
ozkanaltas
Valued Contributor III
In response to psniech

Created on ‎05-16-2024 06:44 AM

Hi @psniech ,

 

I know I also used that SQL query before on the previous version of FortiAnalyzer.

 

I think they forgot to update the training document. 

 

Actually, I understand why removed this SQL query. Because when you ran that query, FortiAnalyzer was fetching all logs from the log database. This actually means that it puts a load on the device. They have brought this convenience so that this query does not have to be run continuously.

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
682
ozkanaltas
Valued Contributor III

Created on ‎05-16-2024 06:48 AM

In addition, As you can see these screens are from the oldest version of FortiAnalyzer.

 

Because of that, they need to update training documents. :) 

 

image.png

If you have found a solution, please like and accept it to make it easily accessible to others.
NSE 4-5-6-7 OT Sec - ENT FW
If you have found a solution, please like and accept it to make it easily accessible to others.NSE 4-5-6-7 OT Sec - ENT FW
680
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.