Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ks_lim
New Contributor

Created on ‎12-11-2017 04:30 AM

DataSet Query for Weekday

Hi,

 

I am new in fortianalyzer, my company would like to have report in working hours.

 

How do I modified SQL select query to filter out weekend and lunch hour logs from the below predefined dataset:

 

Dataset Name: Top-Users-By-Bandwidth select     coalesce(         nullifna(`user`),         nullifna(`unauthuser`),         ipstr(`srcip`)     )as user_src,     sum(         coalesce(sentbyte,0)+ coalesce(rcvdbyte,0)     ) as bandwidth,     sum(         coalesce(rcvdbyte,0)     ) as traffic_in,     sum(         coalesce(sentbyte,0)     ) as traffic_out,     count(*) as sessions from     $log where     $filter     and logid_to_int(logid) not in (4,7,14) group by     user_src having     sum(         coalesce(sentbyte,0)+ coalesce(rcvdbyte,0)     )>0 order by     bandwidth desc

 

3596
0 Kudos
1 Solution
hzhao_FTNT
Staff
Staff

Created on ‎12-11-2017 01:58 PM

Please try:

 

select coalesce( nullifna(`user`), nullifna(`unauthuser`), ipstr(`srcip`) )as user_src, sum( coalesce(sentbyte,0)+ coalesce(rcvdbyte,0) ) as bandwidth, sum( coalesce(rcvdbyte,0) ) as traffic_in, sum( coalesce(sentbyte,0) ) as traffic_out, count(*) as sessions from $log where $filter and logid_to_int(logid) not in (4,7,14) and date_part('dow', from_itime(itime)) in (1,2,3,4,5) and $hour_of_day in ('09:00','10:00','11:00','13:00','14:00','15:00','16:00','17:00') group by user_src having sum( coalesce(sentbyte,0)+ coalesce(rcvdbyte,0) )>0 order by bandwidth desc

 

View solution in original post

1705
0 Kudos
2 REPLIES 2
hzhao_FTNT
Staff
Staff

Created on ‎12-11-2017 01:58 PM

Please try:

 

select coalesce( nullifna(`user`), nullifna(`unauthuser`), ipstr(`srcip`) )as user_src, sum( coalesce(sentbyte,0)+ coalesce(rcvdbyte,0) ) as bandwidth, sum( coalesce(rcvdbyte,0) ) as traffic_in, sum( coalesce(sentbyte,0) ) as traffic_out, count(*) as sessions from $log where $filter and logid_to_int(logid) not in (4,7,14) and date_part('dow', from_itime(itime)) in (1,2,3,4,5) and $hour_of_day in ('09:00','10:00','11:00','13:00','14:00','15:00','16:00','17:00') group by user_src having sum( coalesce(sentbyte,0)+ coalesce(rcvdbyte,0) )>0 order by bandwidth desc

 

1706
0 Kudos
ks_lim
New Contributor
In response to hzhao_FTNT

Created on ‎12-12-2017 07:29 PM

Thanks for the quick response, all i need to know is the syntax.

I will work on the filter and test it

1665
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.