Help
FortiSIEM
FortiSIEM provides Security Information and Event Management (SIEM) and User and Entity Behavior Analytics (UEBA)
mgoswami
Staff
Staff

Created on ‎04-17-2025 07:14 AM

Article Id 388076

Troubleshooting Tip: Unable to add entry to Watchlist - duplicate entry detected

Description This article describes how to troubleshoot the 'duplicate entry' error encountered when adding a new item to the FortiSIEM Watchlist.
Scope FortiSIEM.
Solution

This error can occur if the entry value trying to add already exists in the Watchlist - even if it belongs to a different organization.

 

duplicate entry 1.png

However, when searching for the entry in the Watchlist in the GUI, no results may appear.

 

no matching 2.png

To verify whether the value exists in another organization or watchlist, use the following SQL query:

 

psql -U phoenix phoenixdb -c "SELECT * FROM ph_dwl_entry WHERE entry_value='abc.com';"

 

Even if the entry is not visible in the GUI, it might still exist in another organization. The command above will confirm its presence, as shown below:

 

CLI entry 3.png

 

If the entry is found and needs to be removed, delete it using the following command:

 

psql -U phoenix -d phoenixdb -c "DELETE FROM ph_dwl_entry WHERE entry_value='abc.com';"

 

After deleting the duplicate entry, try adding it to the Watchlist again - it should now be successful.
100
0 Kudos
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.