Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

EV_1
New Contributor

FortiSEIM round values

I am looking for something similar to Azure KQL's Bin function. As in the example below average counter is calculated every 5mins
https://squaredup.com/blog/aggregating-and-visualizing-data-with-kusto/

We want to see connection/bytes of data transferred every day in the last 7 days from some specific sources.

For example, I can get SUM(Total Bytes4) for a day or even 7 days, but not in the form of every day for last 7 days.


Thanks
4 REPLIES 4
FSM_FTNT
Staff
Staff

What if you added a group by on the Event Receive Date? Does that help?

------------------------------
Daniel
FortiSIEM Product Manager
------------------------------
-------------------------------------------
Original Message:
Sent: Sep 15, 2022 09:26 PM
From: E V
Subject: FortiSEIM round values

I am looking for something similar to Azure KQL's Bin function. As in the example below average counter is calculated every 5mins
https://squaredup.com/blog/aggregating-and-visualizing-data-with-kusto/

We want to see connection/bytes of data transferred every day in the last 7 days from some specific sources.

For example, I can get SUM(Total Bytes4) for a day or even 7 days, but not in the form of every day for last 7 days.


Thanks
cdurkin_FTNT
Staff
Staff

Try adding 

DayOfWeek( Event Receive Time )

To the group by condition-------------------------------------------
Original Message:
Sent: Sep 15, 2022 09:26 PM
From: E V
Subject: FortiSEIM round values

I am looking for something similar to Azure KQL's Bin function. As in the example below average counter is calculated every 5mins
https://squaredup.com/blog/aggregating-and-visualizing-data-with-kusto/

We want to see connection/bytes of data transferred every day in the last 7 days from some specific sources.

For example, I can get SUM(Total Bytes4) for a day or even 7 days, but not in the form of every day for last 7 days.


Thanks
EV_1

Thank You Chris and Daniel. That seems to do the trick but it needs more refinement.
Now I see the results for multiple IP's on same day, how can i get only top 1 or top 3 results for each day, instead of so many.-------------------------------------------
Original Message:
Sent: Sep 18, 2022 04:00 PM
From: Chris Durkin
Subject: FortiSEIM round values

Try adding 

DayOfWeek( Event Receive Time )

To the group by condition
Original Message:
Sent: Sep 15, 2022 09:26 PM
From: E V
Subject: FortiSEIM round values

I am looking for something similar to Azure KQL's Bin function. As in the example below average counter is calculated every 5mins
https://squaredup.com/blog/aggregating-and-visualizing-data-with-kusto/

We want to see connection/bytes of data transferred every day in the last 7 days from some specific sources.

For example, I can get SUM(Total Bytes4) for a day or even 7 days, but not in the form of every day for last 7 days.


Thanks
FSM_FTNT

It is not currently possible to limit by on a group.

------------------------------
Daniel
FortiSIEM Product Manager
------------------------------
-------------------------------------------
Original Message:
Sent: Sep 20, 2022 08:26 AM
From: E V
Subject: FortiSEIM round values

Thank You Chris and Daniel. That seems to do the trick but it needs more refinement.
Now I see the results for multiple IP's on same day, how can i get only top 1 or top 3 results for each day, instead of so many.
Original Message:
Sent: Sep 18, 2022 04:00 PM
From: Chris Durkin
Subject: FortiSEIM round values

Try adding 

DayOfWeek( Event Receive Time )

To the group by condition
Original Message:
Sent: Sep 15, 2022 09:26 PM
From: E V
Subject: FortiSEIM round values

I am looking for something similar to Azure KQL's Bin function. As in the example below average counter is calculated every 5mins
https://squaredup.com/blog/aggregating-and-visualizing-data-with-kusto/

We want to see connection/bytes of data transferred every day in the last 7 days from some specific sources.

For example, I can get SUM(Total Bytes4) for a day or even 7 days, but not in the form of every day for last 7 days.


Thanks