Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
lucianag22
Staff
Staff

Created on ‎11-16-2025 11:57 PM

Article Id 419128

Technical Tip: Unable to see Advanced Search Tab under Analytics

Description This article explains why is not available Advanced Search Tab under Analytics.
Scope FortiSIEM v7.3.0 and higher.
Solution

V7.3.0 was released with the feature Advanced Search to run generic SQL queries against the ClickHouse event database; therefore, it is not possible to see the Advanced Search Tab under Analytics is due event database is different from ClickHouse.

 

Verify using the 'df -h' command by SSH or checking the storage information in the banner at the bottom:

 ScreenshotAS.png

 

If EventDB Local Disk or EventDB NFS is being used as storage is not possible to use this feature as they use a proprietary NoSQL database. When event data is migrated to ClickHouse, the feature becomes available.

 

Screenshot 2025-11-14 145824.png

 

Related documents:

Changing EventDB to ClickHouse 

Advanced ClickHouse Search 
76
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.