Help
FortiSIEM Discussions
EV_1
New Contributor

Created on ‎09-15-2022 09:26 PM Edited on ‎12-05-2022 02:01 AM By Community Manager

FortiSEIM round values

I am looking for something similar to Azure KQL's Bin function. As in the example below average counter is calculated every 5mins
https://squaredup.com/blog/aggregating-and-visualizing-data-with-kusto/

We want to see connection/bytes of data transferred every day in the last 7 days from some specific sources.

For example, I can get SUM(Total Bytes4) for a day or even 7 days, but not in the form of every day for last 7 days.


Thanks

890
0 Kudos
4 REPLIES 4
DanielHanman
Staff
Staff

Created on ‎09-16-2022 11:30 AM

What if you added a group by on the Event Receive Date? Does that help?

------------------------------
Daniel
FortiSIEM Product Manager
------------------------------
-------------------------------------------
Original Message:
Sent: Sep 15, 2022 09:26 PM
From: E V
Subject: FortiSEIM round values

I am looking for something similar to Azure KQL's Bin function. As in the example below average counter is calculated every 5mins
https://squaredup.com/blog/aggregating-and-visualizing-data-with-kusto/

We want to see connection/bytes of data transferred every day in the last 7 days from some specific sources.

For example, I can get SUM(Total Bytes4) for a day or even 7 days, but not in the form of every day for last 7 days.


Thanks
890
0 Kudos
ChrisDurkin
Staff
Staff

Created on ‎09-18-2022 04:01 PM

Try adding 

DayOfWeek( Event Receive Time )

To the group by condition-------------------------------------------
Original Message:
Sent: Sep 15, 2022 09:26 PM
From: E V
Subject: FortiSEIM round values

I am looking for something similar to Azure KQL's Bin function. As in the example below average counter is calculated every 5mins
https://squaredup.com/blog/aggregating-and-visualizing-data-with-kusto/

We want to see connection/bytes of data transferred every day in the last 7 days from some specific sources.

For example, I can get SUM(Total Bytes4) for a day or even 7 days, but not in the form of every day for last 7 days.


Thanks
890
0 Kudos
EV_1
New Contributor
In response to ChrisDurkin

Created on ‎09-20-2022 08:26 AM

Thank You Chris and Daniel. That seems to do the trick but it needs more refinement.
Now I see the results for multiple IP's on same day, how can i get only top 1 or top 3 results for each day, instead of so many.-------------------------------------------
Original Message:
Sent: Sep 18, 2022 04:00 PM
From: Chris Durkin
Subject: FortiSEIM round values

Try adding 

DayOfWeek( Event Receive Time )

To the group by condition
Original Message:
Sent: Sep 15, 2022 09:26 PM
From: E V
Subject: FortiSEIM round values

I am looking for something similar to Azure KQL's Bin function. As in the example below average counter is calculated every 5mins
https://squaredup.com/blog/aggregating-and-visualizing-data-with-kusto/

We want to see connection/bytes of data transferred every day in the last 7 days from some specific sources.

For example, I can get SUM(Total Bytes4) for a day or even 7 days, but not in the form of every day for last 7 days.


Thanks
890
0 Kudos
DanielHanman
Staff
Staff
In response to EV_1

Created on ‎09-21-2022 09:46 AM

It is not currently possible to limit by on a group.

------------------------------
Daniel
FortiSIEM Product Manager
------------------------------
-------------------------------------------
Original Message:
Sent: Sep 20, 2022 08:26 AM
From: E V
Subject: FortiSEIM round values

Thank You Chris and Daniel. That seems to do the trick but it needs more refinement.
Now I see the results for multiple IP's on same day, how can i get only top 1 or top 3 results for each day, instead of so many.
Original Message:
Sent: Sep 18, 2022 04:00 PM
From: Chris Durkin
Subject: FortiSEIM round values

Try adding 

DayOfWeek( Event Receive Time )

To the group by condition
Original Message:
Sent: Sep 15, 2022 09:26 PM
From: E V
Subject: FortiSEIM round values

I am looking for something similar to Azure KQL's Bin function. As in the example below average counter is calculated every 5mins
https://squaredup.com/blog/aggregating-and-visualizing-data-with-kusto/

We want to see connection/bytes of data transferred every day in the last 7 days from some specific sources.

For example, I can get SUM(Total Bytes4) for a day or even 7 days, but not in the form of every day for last 7 days.


Thanks
890
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.