Fortisiem-Report-issue

mohammedsaad92 · ‎09-07-2022

Hi all ,

Please , i have an issue with fortisiem when i generate report for last 7 days and export the result , the exported file not showing all days , its show just last 1 day .

Thanks

premchanderr · ‎08-12-2024

Hi @jcarvajal , From GUI we cannot increase this limit. But for backend you can export phExportEventTool.

https://help.fortinet.com/fsiem/7-0-3/Online-Help/HTML5_Help/appendix-exporting_events_to_files.htm

Regards,
Prem Chander R

View solution in original post

Anthony_E · ‎09-11-2022

Hello Mohammed,

Thank you for using the Community Forum.

I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Regards,

Anthony-Fortinet Community Team.

Anthony_E · ‎09-11-2022

Hello Mohammed,

Could you please try to follow these steps?:

Specifying Search Time Window
Complete these steps to specify search filters and time window:
1. Click the Edit Filters and Time Range edit box.
2. Specify the time window:
a. Real time mode – only from the current time onwards.
b. Historical mode – for previous time periods that have already occurred. Select Relative or Absolute
option.
l For the Relative option, the query will run for a duration in the past, starting from current time.
Choose the time scale (Minutes/Hours/Days) and the quantity.
l For the Absolute option, the query will run for a specific time window in the past. There are two
ways to specify this:
l Using two explicitly defined time epochs.
l Using Always prior option to define time-periods such as the previous week or the
previous two months. If you are interested in re-running the same report on a daily basis,
then you do not have to change the time period.
The ANALYTICS view also provides a list of five time range buttons ( ) which appear to the left of the
paginator. They allow you to filter data by the last 15 minutes, 1 hour, 1 day, 7 days, or 30 days.

Information found in this guide page 446:

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/38312645-1c67-11ea-9384-005056...

Regards,

Anthony-Fortinet Community Team.

mohammedsaad92 · ‎09-11-2022

Thanks, Antony for your reply

my point is the export file cannot exceed 3M , if you have any way to expand the file size tell me please .

Regards

premchanderr · ‎09-26-2022

Hi @mohammedsaad92 ,

There is no limit on report file size, however on number of lines.

Please find the maximum limit as given below:
- Events Generated in UI: 1,00,000 lines if not using Group By. And 10,000 if using Group By.

- PDF export: 50,000 lines if not using Group By or displaying Raw Events; 10,000 if using Group By; and 2,000 if displaying Raw Events.

- CSV export: 100,000 lines if not using Group By or displaying Raw Events; 10,000 if using Group By; and 2,000 if displaying Raw Events.

If results exceed these limits, report output will be truncated.

These values would also vary depending upon the columns and number, size of the column data.

Regards,
Prem Chander R

jcarvajal · ‎07-31-2024

@premchanderr @Anthony_E From an admin perspective, is there any way to pull exports that are not truncated? I've had compliance/audit requests for a ridiculous amount of time wherein a 24 hour query pulled 2+ million results. The auditors want to go through ALL of it.

Regards,

premchanderr · ‎08-12-2024

Hi @jcarvajal , From GUI we cannot increase this limit. But for backend you can export phExportEventTool.

https://help.fortinet.com/fsiem/7-0-3/Online-Help/HTML5_Help/appendix-exporting_events_to_files.htm

Regards,
Prem Chander R

Fortisiem-Report-issue

Nominate a Forum Post for Knowledge Article Creation