Skip to main content
mohammedsaad92
mohammedsaad92
New Member
September 7, 2022
Solved

Fortisiem-Report-issue

  • September 7, 2022
  • 4 replies
  • 3822 views

Hi all ,

Please , i have an issue with fortisiem when i generate report for last 7 days and export the result , the exported file not showing all days , its show just last 1 day .

Thanks 

 

Best answer by premchanderr

Hi @Anonymous_User , From GUI we cannot increase this limit. But for backend you can export phExportEventTool. 

 

https://help.fortinet.com/fsiem/7-0-3/Online-Help/HTML5_Help/appendix-exporting_events_to_files.htm

4 replies

Anthony_E
Staff
Anthony_E
Staff
September 11, 2022

Hello Mohammed,

 

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

 

Regards,

Best Regards
Anthony_E
Staff
Anthony_E
Staff
September 12, 2022

Hello Mohammed,

 

Could you please try to follow these steps?:

 

Specifying Search Time Window
Complete these steps to specify search filters and time window:
1. Click the Edit Filters and Time Range edit box.
2. Specify the time window:
a. Real time mode – only from the current time onwards.
b. Historical mode – for previous time periods that have already occurred. Select Relative or Absolute
option.
l For the Relative option, the query will run for a duration in the past, starting from current time.
Choose the time scale (Minutes/Hours/Days) and the quantity.
l For the Absolute option, the query will run for a specific time window in the past. There are two
ways to specify this:
l Using two explicitly defined time epochs.
l Using Always prior option to define time-periods such as the previous week or the
previous two months. If you are interested in re-running the same report on a daily basis,
then you do not have to change the time period.
The ANALYTICS view also provides a list of five time range buttons ( ) which appear to the left of the
paginator. They allow you to filter data by the last 15 minutes, 1 hour, 1 day, 7 days, or 30 days.

 

Information found in this guide page 446:

 

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/38312645-1c67-11ea-9384-00505692583a/Standalone_PDF.pdf

 

Regards,

Best Regards
mohammedsaad92
mohammedsaad92Author
New Member
September 12, 2022

Thanks, Antony for your reply 

my point is the export file cannot exceed 3M , if you have any way to expand the file size tell me please .

 

Regards

 

premchanderr
Staff & Editor
premchanderr
Staff & Editor
September 27, 2022

Hi @mohammedsaad92 ,


There is no limit on report file size, however on number of lines.

 

Please find the maximum limit as given below:
- Events Generated in UI: 1,00,000 lines if not using Group By. And 10,000 if using Group By.

- PDF export: 50,000 lines if not using Group By or displaying Raw Events; 10,000 if using Group By; and 2,000 if displaying Raw Events.

- CSV export: 100,000 lines if not using Group By or displaying Raw Events; 10,000 if using Group By; and 2,000 if displaying Raw Events.

If results exceed these limits, report output will be truncated.

These values would also vary depending upon the columns and number, size of the column data.

    S0ck-Pupp3t
    S0ck-Pupp3t
    Explorer III
    July 31, 2024

    @premchanderr @Anthony_E  From an admin perspective, is there any way to pull exports that are not truncated? I've had compliance/audit requests for a ridiculous amount of time wherein a 24 hour query pulled 2+ million results. The auditors want to go through ALL of it. 

     

    Regards,

    premchanderr
    Staff & Editor
    premchanderrAnswer
    Staff & Editor
    August 12, 2024

    Hi @Anonymous_User , From GUI we cannot increase this limit. But for backend you can export phExportEventTool. 

     

    https://help.fortinet.com/fsiem/7-0-3/Online-Help/HTML5_Help/appendix-exporting_events_to_files.htm

      Terms & ConditionsAccessibility statement