Help
FortiSIEM Discussions
beingarif
New Contributor III

Created on ‎06-10-2025 11:36 PM

FortiSIEM Issue with Custom Attributes Parsing

Hello FortiSIEM Community,

I am working with FortiSIEM Version 7.3.2 and facing an issue where some custom attributes are not appearing in parsed logs. Here’s the setup:

  • Created new custom attributes for MSSQL JDBC performance monitoring.
  • Defined an event type and mapped all custom attributes according to SQL query output columns.
  • Added 30-40 new attributes across different databases.
  • In RAW logs, only a few custom attributes appear to be parsed, while most are missing.
  • The PHBOX parser is being used, as indicated in the raw logs.
  • Additionally, I have written a custom parser within the same setup, and the attributes belonging to that parser are successfully parsed.

I would appreciate any insights on why attributes mapped through PHBOX parser are not appearing, and how I can resolve this issue.

Has anyone encountered something similar, or can you suggest troubleshooting steps?

Thanks in advance for your help!

arif
arif
Labels:
249
0 Kudos
2 REPLIES 2
beingarif
New Contributor III

Created on ‎06-10-2025 11:50 PM

@Anthony_E  @Secusaurus can you please help here.

arif
arif
244
0 Kudos
cdurkin_FTNT
Staff
Staff

Created on ‎06-11-2025 01:11 PM

Can you provide a sanitized raw message.. and some example of Custom Attributes that parse and ones that do not.

201
0 Kudos
Announcements

Welcome to your new Fortinet Community!

You'll find your previous forum posts under "Forums"

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.