madhan
Staff
February 25, 2026

Troubleshooting Tip: Entries found in generated reports are not found in the FortiView

Description

This article describes the steps to take when an entry appears in a generated report but cannot be found in FortiView.

Scope

FortiAnalyzer.

Solution

A report is generated to provide an overview of the network without drilling down into further detail. Detailed information, including log information, can be found within FortiAnalyzer -> FortiView.

The following steps can be taken in sequence to identify the object that appears in the report but not in FortiView.

  1. Check the report time frame.
    • The time frame can be adjusted before creating a report. Usually, the time frame is shown on the title page or in the top-left corner of the subsequent report pages.
  2. Filter by the time frame in FortiView and verify the output.
    • Filter on the same time frame in FortiView.
    • Filter according to the log type (event/traffic) or other identifiable fields to make it easier to locate the entries.
  3. Check the configured retention period.
    • Navigate to System Settings -> ADOM. Check the ADOM that contains the report and look for the 'Analytics (Actual/Config Days)' column.
    • Note the config days value and compare it with the report's time frame.

If the report time frame is 60 days ago but the analytics logs in the ADOM are held for only 30 days, it is possible that the analytics logs used have been rolled and are no longer available.

Confirm whether or not this is the case by generating a new report with the time frame adjusted to the currently available analytics logs. If the entry is no longer shown, it is part of the older logs.

  4. Check the retention for the archive logs.
    • By default, the archive log retention period is longer than the analytics log retention period.
    • In this case, the archive log retention needs to be 60 days or longer.
  5. Browse through the archive logs for the raw logs used in the report.
    • Filter on the time between the time frame of the report and the earliest available analytics logs. This minimizes the number of files that need to be searched to find the logs.
  6. (Optional) Adjust the retention period and rebuild.
    • Only perform this step if there is ample storage available and allocated to the ADOM.
    • Adjust the retention period - in this case, 30 to 60. Afterwards, rebuild the database so that all of the logs are re-inserted into the database to fill the gap.
    • This will cause FortiView to re-populate with the older logs available.
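
The comparison made in steps 3 to 5 can be worked out ahead of time. The following Python helper is an added example, not Fortinet code: it splits a report's time frame into the part still visible in FortiView, the part that exists only in archive logs, and the part older than both retention periods. It assumes a simplified model in which each tier holds logs from the configured number of days ago up to now; the function name and the sample dates are constructed for illustration.

```python
from datetime import datetime, timedelta

def split_report_window(report_start, report_end, now, analytics_days, archive_days):
    """Split [report_start, report_end) by where its logs can still be found.

    Assumption: a tier holds logs from (now - configured days) up to now.
    The 'Actual' value in the ADOM table can be lower than the 'Config' value.
    """
    analytics_from = now - timedelta(days=analytics_days)
    archive_from = now - timedelta(days=archive_days)

    def clip(lo, hi):
        # Intersect [lo, hi) with the report window; None if nothing is left.
        lo, hi = max(lo, report_start), min(hi, report_end)
        return (lo, hi) if lo < hi else None

    return {
        # Still indexed as analytics logs, so visible in FortiView (step 2).
        "fortiview": clip(analytics_from, now),
        # Rolled out of analytics but still archived: the range to browse in step 5.
        "archive_only": clip(archive_from, analytics_from),
        # Older than both retention periods: no longer on the unit.
        "expired": clip(datetime.min, min(archive_from, analytics_from)),
    }

# Constructed sample matching the article's scenario: report covers the last
# 60 days, analytics retention is 30 days, archive retention is 60 days.
NOW = datetime(2026, 2, 25)
SAMPLE = split_report_window(NOW - timedelta(days=60), NOW, NOW,
                             analytics_days=30, archive_days=60)

if __name__ == "__main__":
    for tier, span in SAMPLE.items():
        if span is None:
            print(f"{tier:13} none of the report window")
        else:
            print(f"{tier:13} {span[0]:%Y-%m-%d} to {span[1]:%Y-%m-%d}")
```

A non-empty `archive_only` range is the time filter to use when browsing raw logs; a non-empty `expired` range means those report entries cannot be traced back to logs on the unit.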