EV_1
New Member
September 16, 2022
Question

FortiSIEM round values

  • September 16, 2022
  • 2 replies
  • 2074 views

I am looking for something similar to Azure KQL's Bin function. As in the example below, the average counter is calculated every 5 mins.
https://squaredup.com/blog/aggregating-and-visualizing-data-with-kusto/

We want to see connection/bytes of data transferred every day in the last 7 days from some specific sources.

For example, I can get SUM(Total Bytes4) for a day or even 7 days, but not in the form of every day for the last 7 days.


Thanks

    2 replies

    FSM_FTNT
    Staff
    September 16, 2022
    What if you added a group by on the Event Receive Date? Does that help?

    ------------------------------
    Daniel
    FortiSIEM Product Manager
    ------------------------------
    cdurkin_FTNT
    Staff
    September 18, 2022
    Try adding

    DayOfWeek( Event Receive Time )

    to the group by condition.
    EV_1 (Author)
    New Member
    September 20, 2022
    Thank you Chris and Daniel. That seems to do the trick, but it needs more refinement.
    Now I see the results for multiple IPs on the same day; how can I get only the top 1 or top 3 results for each day, instead of so many?
    FSM_FTNT
    Staff
    September 21, 2022
    It is not currently possible to limit by on a group.

    ------------------------------
    Daniel
    FortiSIEM Product Manager
    ------------------------------
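The two things this thread asks for, a KQL-style bin() over Event Receive Time and a "top N sources per day" cut, can be done as a post-processing step over exported query results when the SIEM's own query language cannot limit per group. The following is an added example, not code from the thread or from Fortinet: it bins by calendar date measured from the Unix epoch (the same rounding as bin(ts, 1d), which differs from DayOfWeek once the window exceeds seven days, because two dates a week apart then collapse into one bucket), sums bytes per source IP inside each bucket, and keeps the top_n sources. The rows in EVENTS are constructed sample data whose columns only mirror the thread's field names; the 5-minute bucket size matches the linked KQL article's example.

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Bucket sizes used below, exported as constants so callers need not import timedelta.
ONE_DAY = timedelta(days=1)
FIVE_MIN = timedelta(minutes=5)
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)

# Constructed sample rows standing in for exported FortiSIEM results:
# (Event Receive Time in UTC, Source IP, Total Bytes). Not real data.
EVENTS = [
    ("2022-09-10T01:15:00Z", "10.0.0.5", 500),
    ("2022-09-10T13:40:00Z", "10.0.0.5", 700),
    ("2022-09-10T09:05:00Z", "10.0.0.7", 300),
    ("2022-09-10T22:00:00Z", "10.0.0.9", 2000),
    ("2022-09-11T03:30:00Z", "10.0.0.5", 100),
    ("2022-09-11T10:10:00Z", "10.0.0.7", 900),
    ("2022-09-11T10:12:00Z", "10.0.0.7", 50),
    ("2022-09-12T08:00:00Z", "10.0.0.9", 400),
]


def parse_ts(raw):
    """Parse the ISO-8601 'Z' timestamps used in the sample rows as UTC."""
    return datetime.strptime(raw, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def bin_ts(ts, size):
    """Floor ts to the start of its bucket, measured from the Unix epoch.

    This is the rounding KQL's bin(ts, size) performs: every event whose time
    falls inside the same size-wide window maps to that window's start.
    """
    n = (ts - EPOCH) // size          # timedelta // timedelta -> whole buckets
    return EPOCH + n * size


def aggregate(events, size, top_n=None, window_start=None):
    """Sum bytes per (bucket, source IP) and return, per bucket, the rows
    sorted by bytes descending, optionally cut to the top_n sources.

    Returns {bucket_label: [(source_ip, total_bytes), ...]} with buckets in
    chronological order. Events before window_start are ignored.
    """
    totals = defaultdict(int)
    for raw_ts, src, nbytes in events:
        ts = parse_ts(raw_ts)
        if window_start is not None and ts < window_start:
            continue
        totals[(bin_ts(ts, size), src)] += nbytes

    per_bucket = defaultdict(list)
    for (bucket, src), total in totals.items():
        per_bucket[bucket].append((src, total))

    result = {}
    for bucket in sorted(per_bucket):
        rows = sorted(per_bucket[bucket], key=lambda r: (-r[1], r[0]))
        label = bucket.strftime("%Y-%m-%dT%H:%MZ")
        result[label] = rows if top_n is None else rows[:top_n]
    return result


if __name__ == "__main__":
    # Daily totals for every source, then only the busiest source per day.
    for label, rows in aggregate(EVENTS, ONE_DAY).items():
        print(label, rows)
    print("top 1 per day:", aggregate(EVENTS, ONE_DAY, top_n=1))
    # 5-minute buckets, the granularity used in the linked KQL article.
    print("5-minute:", aggregate(EVENTS, FIVE_MIN))
    # Only the last two sample days, the same idea as a "last 7 days" window.
    print("windowed:", aggregate(EVENTS, ONE_DAY, window_start=parse_ts("2022-09-11T00:00:00Z")))
```

Pass window_start as the start of the reporting period to reproduce "every day in the last 7 days", and top_n=1 or 3 for the per-day cut the follow-up asks for; because the sort key is (bytes descending, IP ascending), ties are broken deterministically rather than by dictionary order.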