Technical Tip: Improve filtered log preparation process for faster log file downloads from the GUI
| Description | This article describes how to make downloading filtered logs from FortiAnalyzer faster when exporting a large number of log entries from the GUI. |
| Scope | FortiAnalyzer. |
| Solution | After applying filters in Log View to search for specific logs, the system may return a very large number of entries and pages, especially if the search spans multiple hours or days.
When trying to download all pages of these logs, the process can take a long time. This is because FortiAnalyzer first has to locate and process all matching log entries before it can generate the download file.
To speed things up, a skip index can be used to optimize the search process and return results more quickly. For example, if frequently filtered logs are filtered by source IP, this field can be added to the skip index using the CLI:
Once the configuration is applied, verify that skip index is enabled by running the following command:
diagnose test application fazsvcd 2
The output should show the skip-index status as Enabled, similar to the example below:
skip-index: status=Enabled grpstatu=Enabled aggstatus=Enabled nr-chk=0 nr-run=0 avg-run=0.000(sec), nr-agg-run=0 avg-agg-run=0.000(sec)
If skip index is not enabled, use the command below to enable (or disable) it as needed:
A successful change will be confirmed with a message indicating that the skip-index status has been updated.
After adding the field to the skip index, log searches become faster, and exporting the filtered logs from the GUI takes significantly less time than before. |