mantaransingh_FTNT
Staff
May 26, 2017

Technical Tip: Create a custom report using chart builder tool from Log View


Description


This article describes how to create a custom report using the Chart Builder tool from Log View. Using Chart Builder, custom dataset queries and charts can be created as required.

 

Scope

 

FortiAnalyzer.

Solution

 

  1. Steps to follow before building the chart:
  • The columns to be shown in the report should be selected first from Column Settings.
  • Filters must be applied as required.

 


 

  2. Using Chart Builder.

To use the Chart Builder option, go to Log View -> Tools -> Chart Builder.


  • Give the chart a name. For example: ‘Test-Report’.
  • Select the columns. Up to 5 columns can be selected.
                                               

                    

  • Hit Preview to preview the data.
  • Hit Save, and a chart and dataset will be created.

 

  3. Creating reports using the new chart.

  • Go to Reports -> Create new -> Give a report name -> Layout -> Insert Chart.
  • Select the chart.
  • Select OK to add the chart.
  • Select Apply to save the changes to the report.

 

It is possible to add as many charts as needed within a single report if more than 5 columns are needed.

 

Note:

In recent versions of FortiAnalyzer, the Chart Builder functionality will not allow the selection of Date/time as a column, nor will it allow the selection of most other time-related columns. This was purposefully implemented, as the addition of these columns may cause serious performance issues with the SQL database during report generation.

 

If there is a requirement to use date/time in group-by, the date/time needs to be normalized, e.g., make it hour-of-day, or use the $flex_timestamp macro. An example is the dataset 'threat-Intrusion-Timeline':

 

select
  $flex_timescale(timestamp) as hodex,
  sum(totalnum) as totalnum
from
  ###(
    select
      $flex_timestamp as timestamp,
      count(*) as totalnum
    from
      $log
    where
      $filter
    group by
      timestamp
      /*SkipSTART*/
    order by
      timestamp desc
      /*SkipEND*/
  )### t
group by
  hodex
order by
  hodex
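
The effect of normalizing the time column before grouping can be seen with a small stand-in, added here as an illustration and not taken from FortiAnalyzer: it uses an in-memory SQLite table with constructed rows instead of the $log and $flex_* macros, and the table name `logs`, the column `itime` and the helper names are assumptions. The query keeps the same two-stage shape as the dataset above (inner count per bucket, outer sum per bucket) and compares how many groups the database must produce for a raw timestamp, an hourly bucket and hour-of-day.

```python
import sqlite3

START = 1_700_000_000   # constructed epoch start, not taken from real logs
ROWS = 5000             # constructed log rows
STEP = 70               # seconds between rows, so the sample spans about four days


def build_logs(conn):
    """Create a constructed log table: one event every STEP seconds."""
    conn.execute("CREATE TABLE logs (itime INTEGER, attack TEXT)")
    rows = [(START + i * STEP, "sig-%d" % (i % 3)) for i in range(ROWS)]
    conn.executemany("INSERT INTO logs VALUES (?, ?)", rows)


def grouped(conn, bucket_expr):
    """Two-stage aggregation: count per bucket, then sum per bucket.

    bucket_expr is one of the fixed expressions in BUCKETS below, never
    user input, so interpolating it into the statement is safe here.
    """
    sql = f"""
        SELECT bucket, SUM(totalnum) AS totalnum
        FROM (
            SELECT {bucket_expr} AS bucket, COUNT(*) AS totalnum
            FROM logs
            GROUP BY bucket
        ) t
        GROUP BY bucket
        ORDER BY bucket"""
    return conn.execute(sql).fetchall()


BUCKETS = {
    "raw": "itime",                       # group by the raw timestamp
    "hourly": "itime - itime % 3600",     # normalized to the start of the hour
    "hour_of_day": "(itime / 3600) % 24", # normalized to hour-of-day (UTC)
}


def compare():
    """Return {name: (number_of_groups, total_events)} for each bucketing."""
    conn = sqlite3.connect(":memory:")
    build_logs(conn)
    result = {}
    for name, expr in BUCKETS.items():
        rows = grouped(conn, expr)
        result[name] = (len(rows), sum(r[1] for r in rows))
    conn.close()
    return result


if __name__ == "__main__":
    for name, (groups, total) in compare().items():
        print(f"{name:12s} groups={groups:5d} events={total}")
```

The event total is identical in all three cases; only the number of groups the database has to build, sort and return changes, which is the cost the restriction on time columns is meant to avoid.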


Related articles: 

Technical Tip: How to build a custom report on FortiAnalyzer using Chart Builder

Troubleshooting tip: How to troubleshoot Chart Builder

Technical Tip: Creating a Custom report from FortiView (Export to Report Chart)