FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
Mike17
Staff
Article Id 404111
Description This article describes how to download Unknown Raw Event logs from the FortiSIEM GUI. This is useful when adding new log sources to FortiSIEM and, for some reason, FortiSIEM is not able to parse the received events.
Scope FortiSIEM.
Solution

When FortiSIEM receives logs that do not match any system parser or custom event parser, it stores the event as Unknown_EventType. Once these events are indexed in the event database, they can be downloaded to inspect their content and perform parser testing.

To download the Unknown Event Types, follow these steps:

  1. Log in to the FortiSIEM GUI with admin credentials.
  2. Navigate to Analytics and create a new query with the filter criteria Event Type CONTAIN unknown.

  3. Select 'Apply & Run'. The unknown event types are displayed under Results.

  4. Once the results with 'Unknown Event Types' are displayed, export them by selecting Actions -> Export Result -> CSV -> Generate.

After completing these steps, a compressed CSV file is downloaded. Its content can then be inspected and used for additional parsing tests.
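To turn the exported file into a parser-testing worklist, the following added Python example (not part of the article) groups the unknown events by reporting IP and a coarse message signature; the column names 'Reporting IP' and 'Raw Event Log', the zip container and the sample rows are assumptions to check against your own export.

```python
"""Triage a FortiSIEM 'Unknown Event Type' CSV export by reporting device and
message signature.  Added example, not from the article; column names are assumed."""
import csv
import io
import re
import zipfile
from collections import Counter
IP_COL = "Reporting IP"    # assumed export column header
RAW_COL = "Raw Event Log"  # assumed export column header
# Optional syslog PRI, then a BSD or ISO timestamp, then a hostname.
_PREFIX = re.compile(
    r"^(?:<\d+>)?(?:\w{3}\s+\d+\s+\d\d:\d\d:\d\d|\d{4}-\d\d-\d\dT\S+)\s+\S+\s+")

def signature(raw):
    """Program name after the syslog header, else first alphabetic token, else '<unparsed>'."""
    raw = raw.strip()
    m = _PREFIX.match(raw)
    for tok in (raw[m.end():] if m else raw).split():
        if tok[0].isalpha():
            return tok.split("[")[0].rstrip(":")
    return "<unparsed>"

def read_export(data):
    """Rows of the downloaded export: a zip holding a CSV, or a bare CSV."""
    if data[:2] == b"PK":  # zip magic
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            data = z.read(next(n for n in z.namelist() if n.lower().endswith(".csv")))
    return list(csv.DictReader(io.StringIO(data.decode("utf-8", "replace"))))

def triage(rows):
    """Count unknown events per (reporting IP, signature); most_common() ranks them."""
    return Counter((r[IP_COL], signature(r[RAW_COL])) for r in rows)

# Constructed sample export (not real data) in the assumed column layout.
SAMPLE_CSV = "\n".join([
    "Event Receive Time,Reporting IP,Event Type,Raw Event Log",
    '2025-07-29 16:40:50,10.0.0.5,Unknown_EventType,"<134>Jul 29 16:40:50 app01 myapp[4412]: user login ok"',
    '2025-07-29 16:41:02,10.0.0.5,Unknown_EventType,"<134>Jul 29 16:41:02 app01 myapp[4412]: user logout"',
    '2025-07-29 16:56:53,10.0.0.6,Unknown_EventType,"2025-07-29T16:56:53Z fw02 drop src=10.1.1.9 dst=10.2.2.7"',
    '2025-07-29 16:57:10,10.0.0.7,Unknown_EventType,"<13>Jul 29 16:57:10 lb01 haproxy[201]: 10.0.0.8:5123 fe be/s1 200"',
    '2025-07-29 16:58:00,10.0.0.6,Unknown_EventType,"0x1f 0x2a 0x00 0x7e"',
]) + "\n"

def sample_export_zip():
    """Wrap SAMPLE_CSV in a zip, mimicking the compressed download."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("unknown_events.csv", SAMPLE_CSV)
    return buf.getvalue()
```

On a real download, `triage(read_export(open(path, "rb").read())).most_common()` lists the (reporting IP, signature) pairs with the most unparsed events, which are the sources to write or extend a custom parser for first.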

Comments
maovalencia
Staff & Editor

Thank you Mike for this article. 
