Hello, I have looked through the pre-configured datasets in Fortianalyser but cannot seem to find:
- drilldown showing top users app usage based on bandwidth where appcat = 'x'.
- drilldown showing top users websites visited based on bandwidth where catdesc='x'.
Does anyone have datasets for these ?
Thank you kindly.
please clone app-Top-User-by-Bandwidth , add your own appcat/catdesc filter, then create a drilldown table chart.
for top users by website visited bytes, try:
select website, user_src, sum(bandwidth) as bandwidth from ###(select hostname as website, coalesce(nullifna(`user`), ipstr(`srcip`)) as user_src, sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0)) as bandwidth from $log-traffic where $filter and hostname is not null and logid_to_int(logid) not in (4, 7, 14) and catdesc='x' and (countweb>0 or ((logver is null or logver<52) and(hostname is not null or utmevent in ('webfilter', 'banned-word', 'web-content', 'command-block', 'script-filter')))) group by hostname, user_src having sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0))>0 order by bandwidth desc)### t group by website, user_src order by bandwidth desc
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.
