Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fran1942
New Contributor

Browsetime column creation ?

Hello, I have the following drilldown dataset. I cannot work out how to convert the 'bandwidth' column in to a 'browse time' column. Is anyone able to assist ? (I have attached a screenshot which shows how I would like it to be with a browse time column).

Thank you kindly if possible.

 

select coalesce(nullifna(`user`), nullifna(`unauthuser`), ipstr(`srcip`)) as user_src, app, sum(coalesce(`sentbyte`, 0)+coalesce(`rcvdbyte`, 0)) as bandwidth from $log where $filter and logid_to_int(logid) not in (4, 7, 14) and nullifna(app) is not null and (appcat = 'Social.Media') group by user_src, app order by bandwidth desc

1 Solution
hzhao_FTNT

Try:

select user_src, app, ebtr_value(ebtr_agg_flat(browsetime), null, $timespan) as browsetime from ###(select user_src, app, ebtr_agg_flat(browsetime) as browsetime from (select coalesce(nullifna(`user`), ipstr(`srcip`)) as user_src, app, ebtr_agg_flat($browse_time) as browsetime from $log where $filter and $browse_time is not null and (appcat = 'Social.Media')  group by user_src, app) t group by user_src, app order by ebtr_value(ebtr_agg_flat(browsetime), null, null) desc)### t group by user_src, app order by browsetime desc

View solution in original post

3 REPLIES 3
hzhao_FTNT
Staff
Staff

Hi there, please use predefined dataset "top-user-by-website-browsetime".

 

Regards,

hz

fran1942

thank you kindly but how do I change out 'domain' for 'app' within that dataset ? Simply swapping the word 'domain' for 'app' does not work.

 

top-user-by-website select user_src, domain, ebtr_value(ebtr_agg_flat(browsetime), null, $timespan) as browsetime from ###(select user_src, domain, ebtr_agg_flat(browsetime) as browsetime from (select coalesce(nullifna(`user`), ipstr(`srcip`)) as user_src, coalesce(nullifna(hostname), ipstr(`dstip`)) as domain, ebtr_agg_flat($browse_time) as browsetime from $log where $filter and $browse_time is not null and (appcat = 'Social.Media') group by user_src, domain) t group by user_src, domain order by ebtr_value(ebtr_agg_flat(browsetime), null, null) desc)### t group by user_src, domain order by browsetime desc

hzhao_FTNT

Try:

select user_src, app, ebtr_value(ebtr_agg_flat(browsetime), null, $timespan) as browsetime from ###(select user_src, app, ebtr_agg_flat(browsetime) as browsetime from (select coalesce(nullifna(`user`), ipstr(`srcip`)) as user_src, app, ebtr_agg_flat($browse_time) as browsetime from $log where $filter and $browse_time is not null and (appcat = 'Social.Media')  group by user_src, app) t group by user_src, app order by ebtr_value(ebtr_agg_flat(browsetime), null, null) desc)### t group by user_src, app order by browsetime desc

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors