tnesh (Staff)
Article Id 366890
Description

This article describes how to get FortiAnalyzer Top Applications/Top Sources data using the JSON API.

Scope

FortiAnalyzer.

Solution

Steps:

  1. The API below is used to run the query in FortiAnalyzer for 'Top Applications':
    Note:
    • Top Applications URL: /fortiview/adom/{{adom}}/top-applications/run.
    • Top Sources URL: /fortiview/adom/{{adom}}/top-sources/run.
    • The Task ID (tid) from the JSON response will be used in step 2.
    • {{adom}}, 'limit', 'devname', and 'time-range' need to be updated.

JSON request body:

{
   "method": "add",
   "jsonrpc": "2.0",
   "id": 112,
   "params": [{
          "url": "/fortiview/adom/{{adom}}/top-applications/run",
          "limit": 10,
          "apiver": 3,
          "device": [{
               "devname": "All_FortiGate"
          }],
          "count-total": true,
          "time-range": {
               "start": "2024-12-02 15:00:00",
               "end": "2024-12-24 16:00:00"
          }
      }],
   "session": "{{session}}"
}

  2. Once the step 1 query has completed, run the following API with the Task ID from step 1 to fetch the Top Applications/Top Sources data.
    Note:
    • Top Applications URL: /fortiview/adom/{{adom}}/top-applications/run/{{taskid}}.
    • Top Sources URL: /fortiview/adom/{{adom}}/top-sources/run/{{taskid}}.
    • If the step 1 query is not yet complete, the following API will still return success, but with empty data.

JSON request body:

{
   "method": "get",
   "jsonrpc": "2.0",
   "id": 112,
   "params": [{
        "url": "/fortiview/adom/{{adom}}/top-applications/run/{{taskid}}",
        "apiver": 3,
        "count-total": false
        }],
   "session": "{{session}}"
}

  3. Sample JSON request and response:

[Screenshot: faz-fortiview-api-3.gif]
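The two-step flow above, as an added example that is not part of the original article: a small Python client that builds the step 1 and step 2 bodies, then polls step 2 until the task reports 100 percent so that an early fetch's empty result is not mistaken for the real data. The `send` callable, the `result["tid"]` key and the `FakeFortiAnalyzer` replies (including its "data" rows) are assumptions or constructed for the demo.

```python
# Added example, not Fortinet's code: runs the article's two-step FortiView flow and polls
# step 2 until "percentage" is 100, since a fetch issued too early returns success with no
# data. Assumed: the step 1 reply carries the task id as result["tid"]; `send` is any
# callable that posts one JSON-RPC body to FortiAnalyzer and returns the decoded reply.

def build_run_request(adom, view, session, start, end, devname="All_FortiGate", limit=10, req_id=112):
    """Step 1 body: start the 'top-applications' or 'top-sources' query."""
    return {"method": "add", "jsonrpc": "2.0", "id": req_id,
            "params": [{"url": f"/fortiview/adom/{adom}/{view}/run", "limit": limit, "apiver": 3,
                        "device": [{"devname": devname}], "count-total": True,
                        "time-range": {"start": start, "end": end}}],
            "session": session}

def build_fetch_request(adom, view, tid, session, req_id=113):
    """Step 2 body: fetch the result of task `tid` (path is .../run/<tid>)."""
    return {"method": "get", "jsonrpc": "2.0", "id": req_id,
            "params": [{"url": f"/fortiview/adom/{adom}/{view}/run/{tid}", "apiver": 3, "count-total": False}],
            "session": session}

def fetch_fortiview(send, adom, view, session, start, end, max_polls=20):
    """Run step 1, then repeat step 2 until the task is complete; returns (tid, result)."""
    tid = send(build_run_request(adom, view, session, start, end))["result"]["tid"]
    for _ in range(max_polls):
        result = send(build_fetch_request(adom, view, tid, session))["result"]
        if result.get("percentage") == 100:  # below 100 the reply is still "success" but empty
            return tid, result
    raise TimeoutError(f"FortiView task {tid} not complete after {max_polls} polls")

class FakeFortiAnalyzer:
    """Constructed stand-in for the appliance so the flow runs offline: the task only
    completes on the `finish_after`-th step 2 call, mirroring the article's caveat."""
    def __init__(self, finish_after=2):
        self.finish_after, self.polls = finish_after, 0
    def __call__(self, body):
        if body["method"] == "add":  # step 1: hand back the task id seen in the article's debug log
            return {"jsonrpc": "2.0", "id": body["id"], "result": {"tid": 655949941}}
        self.polls += 1
        done = self.polls >= self.finish_after
        # "percentage" and "return-lines" appear in the article's debug output; "data" rows are made up
        return {"jsonrpc": "2.0", "id": body["id"], "result": {
            "percentage": 100 if done else 50, "return-lines": 2 if done else 0,
            "data": [{"app": "HTTPS", "bandwidth": 34768}, {"app": "DNS", "bandwidth": 1200}] if done else []}}

if __name__ == "__main__":
    tid, result = fetch_fortiview(FakeFortiAnalyzer(), "root", "top-applications", "sess-example",
                                  "2024-12-02 15:00:00", "2024-12-24 16:00:00")
    print(tid, result["return-lines"], [row["app"] for row in result["data"]])
```

Against a real appliance, `send` would POST the body to the FortiAnalyzer JSON-RPC endpoint with a valid session token and return the parsed JSON reply.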

Troubleshooting steps:

The following debug commands can be run on FortiAnalyzer to verify the API request and results:

diag debug application fazsvcd 255
diag debug enable

Sample debug output for step 1:

<...truncated...>

[T31409:process_jsonrpc.c:1748] request:
{
"id": "3993",
"jsonrpc": "2.0",
"method": "add",
"params": [ { "url": "\/fortiview\/adom\/root\/top-applications\/run", "limit": 2, "apiver": 3, "device": [ { "devname": "All_FortiGate" } ], "count-total": true, "time-range": { "start": "2024-12-02 15:00:00", "end": "2024-12-24 16:00:00" } } ]
}
[T31409:process_jsonrpc.c:1574] uri=/fortiview/top-applications/run, adom=root, uri_sub=top-applications/run
<...truncated...>

[T11209:fv_hdlr_sql_query.c:3102] [top-applications] got final result [ret=0 resolve_hostname=0]
[T11209:fv_hdlr_sql_query.c:3110] fv_sql_query():3110 process_query_result took 0.0017 sec
[T11209:fazsvc_hdlr_fortiview.c:1831] forti_view_run_exec():1831 Run Query took 5.2986 sec
[T11209:fazsvc_hdlr_fortiview.c:1846] Function returns: tid: 655949941 retc: 0
[T31377:fazsvc_session.c:2124] Client ('11') is accepted.
[T31410:fazsvc_session.c:1929] Handle request from client ('11'), wait=0 sec.

Sample debug output for step 2:

<...truncated...>

[T31410:process_jsonrpc.c:1748] request:
{
"id": "3994",
"jsonrpc": "2.0",
"method": "get",
"params": [ { "url": "\/fortiview\/adom\/root\/top-applications\/run\/655949941", "apiver": 3, "count-total": false } ]
}
[T31410:process_jsonrpc.c:1574] uri=/fortiview/top-applications/run/655949941, adom=root, uri_sub=top-applications/run/655949941
<...truncated...>

[T31410:fazsvc_session.c:1970] jsonapi response={ "jsonrpc": "2.0", "id": 3994, "result": { "data-time-range": { "start": 0, "end": 0 }, "db_start_time": 1734825600, "percentage": 100, "max-value": { "num_users": 2.000000, "bandwidth": 34768.000000, "sessions": 164.000000 }, "total-count-all": 1885, <...truncated...> } ], "return-lines": 2 } }.
[T31410:fazsvc_session.c:1975] Prepare to sent the result to client 11. (ds_size=1011)

[T31410:fazsvc_session.c:1975] Client ('11') disconnected (rv=-1).

Related articles:

Technical Tip: The task limit for asynchronous log searches in FortiAnalyzer

Technical Tip: Using FortiManager/FortiAnalyzer API