Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
daveywavey
New Contributor

Created on ‎01-22-2016 09:12 AM

DNS QUERY Cookbook question

Hello I followed the link below and got it to work, my question is how can I see more results? I was able to expand the results to 500, is there a way to make it more than 500?

 

http://cookbook.fortinet.com/logging-dns-domain-lookups/

 

Thanks,

David

Forti OS 4.0: FLG_100B-v400-build0705 (4.3.7) FWF_80CM-v400-build0665 (4.3.15) Forti OS 5.0: FWF_90D-v500-build0228 (5.0.3)
Forti OS 4.0: FLG_100B-v400-build0705 (4.3.7) FWF_80CM-v400-build0665 (4.3.15) Forti OS 5.0: FWF_90D-v500-build0228 (5.0.3)
6373
0 Kudos
5 REPLIES 5
awasfi_FTNT
Staff
Staff

Created on ‎01-25-2016 04:12 AM

Hello,

 

I believe you already added the dataset to a chart before using it on the report.

So you can edit the chart used by this report and set "Show Top" to "0" to show all results.

 

The device set by default to show 10,000 row per report:

# config system report setting

# get

max-table-rows      : 10000 report-priority     : low week-start          : sun

 

Regards,

AWASFI
2794
0 Kudos
daveywavey
New Contributor
In response to awasfi_FTNT

Created on ‎01-25-2016 06:15 PM

Tried the above still shows only 500 results in the report.

last result below.

 

500 custom: DNS QUERY, dns_query=forum.fortinet.com; 14
Forti OS 4.0: FLG_100B-v400-build0705 (4.3.7) FWF_80CM-v400-build0665 (4.3.15) Forti OS 5.0: FWF_90D-v500-build0228 (5.0.3)
Forti OS 4.0: FLG_100B-v400-build0705 (4.3.7) FWF_80CM-v400-build0665 (4.3.15) Forti OS 5.0: FWF_90D-v500-build0228 (5.0.3)
2794
0 Kudos
awasfi_FTNT
Staff
Staff
In response to daveywavey

Created on ‎01-26-2016 06:01 AM

It works for me on FortiAnalyzer v5.2.2.

Not sure about FortiAnalyzer v4.3, I think You need to edit the chart and input the value under the section "Only Show First" in the Data Bindings.  You may try "0" or something like 50000.

AWASFI
2794
0 Kudos
daveywavey
New Contributor
In response to awasfi_FTNT

Created on ‎01-27-2016 06:43 AM

Hello I am using 5.2.5 and I tried the change in the Chart section and that fixed it thanks.

 

Might be worth adding that to the Cookbook for others.

D

Forti OS 4.0: FLG_100B-v400-build0705 (4.3.7) FWF_80CM-v400-build0665 (4.3.15) Forti OS 5.0: FWF_90D-v500-build0228 (5.0.3)
Forti OS 4.0: FLG_100B-v400-build0705 (4.3.7) FWF_80CM-v400-build0665 (4.3.15) Forti OS 5.0: FWF_90D-v500-build0228 (5.0.3)
2794
0 Kudos
daveywavey
New Contributor
In response to daveywavey

Created on ‎02-02-2019 12:57 PM

Is there a way to add source IP to DNS Query dataset?

Below is from the cookbook entry

 

 

select msg, sum(totalnum) as totalnum from ###(select ipstr(srcip), msg, count(*) as totalnum from $log where $filter-exclude-var group by srcip, msg order by totalnum desc)### t where $filter-var-only and msg is not null group by msg order by totalnum desc

 

Thanks

Forti OS 4.0: FLG_100B-v400-build0705 (4.3.7) FWF_80CM-v400-build0665 (4.3.15) Forti OS 5.0: FWF_90D-v500-build0228 (5.0.3)
Forti OS 4.0: FLG_100B-v400-build0705 (4.3.7) FWF_80CM-v400-build0665 (4.3.15) Forti OS 5.0: FWF_90D-v500-build0228 (5.0.3)
2794
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.