Help
FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
madhan
Staff
Staff

Created on ‎03-23-2025 11:00 PM Edited on ‎04-01-2025 02:52 AM By Moderator

Article Id 384075

Troubleshooting Tip: Dataset query error due to database changes in FortiAnalyzer v7.6

Description

This article provides an example of a dataset query error due to changes in the FortiAnalyzer database from Postgres to ClickHouse. This change will primarily affect the custom dataset query which was scripted according to Postgres-specific queries.
Scope

FortiAnalyzer v7.6.0 and onwards.
Solution

The dataset queries below will give the following error message for FortiAnalyzer versions 7.6.0 and onwards:

 

DB::Exception: Incorrect number of arguments for function toString provided 2 (String, String), expected 1 ('Value' ::(While processing toString(formatDateTime(toDateTime(itime), '%Y-%m-%d %H:%i:%s'), 'YYYY-MM-DD Day') AS FullDate,

 

to_char(from_itime(itime), 'YYYY-MM-DD Day') as FullDate,

 

This is because, as of this day, ClickHouse does not support the to_char function as it replaces it with formatDateTime.

 

 formatDateTime(toDateTime(itime), '%Y-%m-%d %H:%i:%s')

 

Once the dataset has been updated with the correct syntax, review the dataset and chart result before generating a report.

Creating datasets 
127
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.