FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
smkml, Staff
Article Id 391568
Description

This article describes why some report output shows the same value for every type (for example, the same count for each virus) and explains the reason behind it.

[Image: same value of each virus.png]

Scope

FortiAnalyzer

Solution

To understand why the value is equal for each type, check the specific chart and dataset to see how the value is populated.

For this use case, take the chart titled 'Top 5 Viruses, Bots, Spyware or Adware, Phishing Sites' as an example (FortiAnalyzer v7.6.2).

Find which chart is being used by selecting Reports -> Report Definitions -> All Reports -> Search '360 Security Report' -> Editor -> Scroll and search for 'Top 5 Viruses, Bots, Spyware or Adware, Phishing Sites' -> Click on the Settings icon at the top right.

[Image: finding chart used.gif]

[Image: chart used.png]

After identifying the chart used, go to Reports -> Report Definitions -> Chart Library -> Search '360 Security Top virus Botnet Spyware Adware Phishing Website'.

[Image: indentified data bindings used type_total_num.png]

In Value options, the default Data Binding is type_total_num, which is where the identical values in the report come from. To reproduce the report output and confirm this, test with Real Data: go to the top right -> select Real Data -> select the same period as the report output (for this example, 'Previous 30 Days') -> Go.

Note:

Once 'Go' is selected, the real data is queried, which takes some time. Wait until the 'Go' button is enabled again; this indicates that the query has finished.

[Image: test using real data.gif]

[Image: test using real data.png]

Change the Data Bindings value to 'total_num' to see the difference: each virus now shows a different value.

[Image: changed to total_num.png]

The reason is that the dataset's query exposes different columns that can be used to populate the data. Go to Reports -> Report Definitions -> Datasets -> Search '360-security-Malware-Virus-Botnet-Spyware'.

The SQL query selects both the total_num and type_total_num columns, and these hold different values for each entry.

 

[Image: dataset sql query.png]

When the query is run against real data, it shows two different outputs, which is the expected behavior.

 

[Image: dataset test real data.png]
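As an added example (not FortiAnalyzer's own dataset SQL), the following Python script loads a constructed malware-hit table into SQLite and runs a query of the same shape the article describes: total_num is assumed to be the per-signature count and type_total_num the per-category count computed with PARTITION BY. Switching the binding, as the chart's Value options do, shows why every entry can end up with the same value.

```python
import sqlite3

# Constructed sample of per-signature hit counts, each tagged with a
# category (virus, botnet, spyware, phishing). Not FortiAnalyzer's schema.
SAMPLE_ROWS = [
    ("EICAR_TEST_FILE", "virus", 120),
    ("W32/Agent.XYZ", "virus", 80),
    ("Mirai.Botnet", "botnet", 45),
    ("Zeus.Botnet", "botnet", 15),
    ("Adware/Generic", "spyware", 30),
    ("phish.example.test", "phishing", 9),
]

# Assumed shape of the dataset query: total_num is the per-signature sum,
# type_total_num re-sums those per-signature totals over the whole
# category with a window function (PARTITION BY type).
QUERY = """
SELECT virus, type, total_num,
       SUM(total_num) OVER (PARTITION BY type) AS type_total_num
FROM (SELECT virus, type, SUM(hits) AS total_num
      FROM malware_log
      GROUP BY virus, type)
ORDER BY type_total_num DESC, total_num DESC, virus
"""


def run_dataset(rows=SAMPLE_ROWS):
    """Load the rows into an in-memory DB and run the query.
    Returns a list of (virus, type, total_num, type_total_num)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE malware_log (virus TEXT, type TEXT, hits INTEGER)")
    con.executemany("INSERT INTO malware_log VALUES (?, ?, ?)", rows)
    result = con.execute(QUERY).fetchall()
    con.close()
    return result


def chart_values(binding, rows=SAMPLE_ROWS):
    """Mimic the chart's Data Binding choice: map each virus to either its
    own 'total_num' or the shared per-category 'type_total_num'."""
    idx = {"total_num": 2, "type_total_num": 3}[binding]
    return {r[0]: r[idx] for r in run_dataset(rows)}


if __name__ == "__main__":
    for binding in ("type_total_num", "total_num"):
        print(binding, chart_values(binding))
```

With the type_total_num binding both virus-category signatures show 200; with total_num they show 120 and 80.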

Note:

The default report, dataset, and chart templates cannot be modified.


Related document:

Understanding SQL using Partition By
