Description
This article describes how to resolve empty reports.
Scope
FortiAnalyzer.
Solution
- Validate that the FortiAnalyzer is not running a lower version than the FortiGates (refer to the latest Compatibility Tool).
- Validate the time frame set for the report and verify it is possible to see logs in 'Log View' for that period. If there is none, it is possible to generate some log using: 'diag log test' from the FortiGate CLI.
- In the case of User reports, ensure to type the username the same way as in the Log View, the reason is case sensitivity.
- Test the dataset that is related to the report. To find the dataset that underlies the report, navigate to Layout, select the table, and choose Chart properties.
Save or remember the name of the chart as depicted below, navigate to Chart Library and search for the chart, open the chart and find the dataset as in the screenshot below, search for the dataset under the Datasets section, confirm that the correct time frame is applied, and use the TEST button to generate output.
Be informed that the dataset values may differ from the real numbers, as this option only serves for testing purposes.
- For filter usage and no output, ensure that the correct filter and value are used. These values can be found after displaying raw logs.
Raw view.
Debug Section
- Once starting to run a report, FortiAnalyzer creates a log of the report generation status and system performance. Use this diagnostic log to troubleshoot and report performance issues. For example, if the report is very slow to generate, it is possible to use this log to check system performance and see which charts take the longest time to generate. For information on how to interpret the report diagnostic log and troubleshoot report performance issues, see the FortiAnalyzer Report Performance Troubleshooting Guide
To retrieve report generation logs:
- In Reports -> Generated Report, 'right-click' the report and select Retrieve Diagnostic to download the log to the computer.
- Use a text editor to open the log.
- Debug the reporting process using the commands below:
diagnose debug application sqlreportd 255
diagnose debug enable
While the debug is running, execute the report via GUI or CLI as described in step 3. After the debug output is generated, close the debugging in CLI via commands:
diagnose debug disable
diagnose debug reset - Execute the report manually via CLI, in this example, 'User Detailed Browsing Log' is used from the root ADOM.
exe sql-report run root ?
<schedule-name> <----- Select one of the available SQL report schedule names.
ADOM: root
NAME TITLE
10012 - User Detailed Browsing Log10017 - User Top 500 Websites by Bandwidth10018 - User Top 500 Websites by Session10019 - Application Risk and Control10025 - Cyber Threat Assessment10037 - Secure SD-WAN Report10039 - SOC Incident Report10041 - Throughput Utilization Billing Report22001 - FortiClient Default Report30001 - FortiDDos Default Reporturanium-esx50 # exe sql-report run root 10012
-
Run the following command:
diagnose system fsck harddisk
This operation will check and repair the file system, then reboot the system.
Do you want to continue? (y/n)y -
If the issue remains, contact Fortinet TAC Support and provide additional details to the ticket, such as the output of the following commands:
diag test application sqlreportd 99
exe tac report
Also, the output of the commands ran in step 2 of the debug section.
In case Chrome is used, it is also possible to download the Fortinet Chrome extension to capture more details: FortiManager/FortiAnalyzer Debugger.
Related documents:
Reporting: When is a manual rebuild of hcache tables advisable?
Technical Tip: FortiAnalyzer SQL database delete and rebuild
Technical Tip: How to Validate Event Handler in FortiManager and FortiAnalyzer
