Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kayzerreyn
New Contributor

Top x web site by bandwith for Top 10 user

i need a report for Top 10 user by bandwith and their destination. i created a drilldown top user ,but top web sites should be in drildown columns.how can i do that ? 

examplesitewebsiteCategoryBandwith User a(source ip)  15GBtotal web site 1 8GB  web site 2  5GB  web site3 2Gb User b(source ip)  14GBtotal web site 5 6GB  website 2  5GB  web site3 4Gb 

 

i can not create a dataset 

 

top user

select coalesce(nullifna(`user`), nullifna(`unauthuser`), ipstr(`srcip`)) as user_src, get_devtype(srcswversion, osname, devtype) as devtype_new, srcname, sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0)) as bandwidth, sum(coalesce(rcvdbyte, 0)) as traffic_in, sum(coalesce(sentbyte, 0)) as traffic_out from $log where $filter and (logflag&1>0) and utmevent in ('webfilter', 'banned-word', 'web-content', 'command-block', 'script-filter') group by user_src, devtype_new, srcname having sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0))>0 order by bandwidth desc### union all ###select website, catdesc, sum(bandwidth) as bandwidth from ###(select hostname as website, catdesc, sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0)) as bandwidth from $log-traffic where $filter and hostname is not null and (logflag&1>0) and (countweb>0 or ((logver is null or logver<502000000) and (hostname is not null or utmevent in ('webfilter', 'banned-word', 'web-content', 'command-block', 'script-filter')))) group by hostname, catdesc having sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0))>0 order by bandwidth desc)### t group by website, catdesc order by bandwidth desc

top web site for a user select website, catdesc, sum(bandwidth) as bandwidth from ###(select hostname as website, catdesc, sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0)) as bandwidth from $log-traffic where $filter and hostname is not null and (logflag&1>0) and (countweb>0 or ((logver is null or logver<502000000) and (hostname is not null or utmevent in ('webfilter', 'banned-word', 'web-content', 'command-block', 'script-filter')))) group by hostname, catdesc having sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0))>0 order by bandwidth desc)### t group by website, catdesc order by bandwidth desc

1 REPLY 1
nnair
Staff
Staff
Labels
Top Kudoed Authors