Traffic data in PostgreSQL

Forum|Forum|4 months ago
January 19, 2026
1 reply
193 views

Hello, i have a problem with dataset in Fortianalyzer. When i search traffic logs in Fortianalyzer under "LOG-VIEW" and "Traffic" i get different result than using Dataset Query in Report Definitions.

Are these queries based on different databases / data sources?

I run the following SQL in Dataset definition:

SELECT policyid, dstport, proto
FROM
$log-traffic as l
WHERE
$filter
AND policyid = '681'
group by policyid, dstport, proto
order by dstport

but this does not return the same ports like searching in Analyzer Log Traffic view when searching with

policyid="681"

I selected the device name in both search scenarios, in the drop down fields.

My question, from where does the difference result and should both query types return the same result?

FortiAnalyzer

illorenzoditorino

Explorer III

@MaAtVA I have seen that running the dataset does not always return correct results. Try using the dataset in chart and chart in a report and see if the results match with what you see in Log View - it should match :)

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded