Hi,
I would like to create a dataset that would query top destinations with the corresponding top users per destination.
Please assist me in creating the syntax for the dataset.
Thanks in advance,
Toperski
Please try:
Log type: traffic
select
  coalesce(root_domain(hostname), ipstr(dstip)) as destination,
  coalesce(nullifna(`user`), nullifna(`unauthuser`), ipstr(`srcip`)) as user_src,
  sum(coalesce(`sentbyte`, 0)+coalesce(`rcvdbyte`, 0)) as bandwidth
from $log
where $filter and logid_to_int(logid) not in (4, 7, 14)
group by destination, user_src
order by bandwidth desc
Create a chart based on this dataset:
Chart type: table
Table type: drilldown
Column1: destination
Column2: user_src
Column3: bandwidth
Regards,
hz
Hi hz,
Thanks for the reply; that helped a lot. What parameter should I change to get the top 5 users for each top destination?
TIA,
toperski
Please set "Drilldown Top" to 5.
Regards,
hz
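Added example, not part of the thread and not Fortinet code: a Python sketch of the result the dataset plus a drilldown limit is meant to produce, run over constructed sample records. The `nullifna` and `root_domain` helpers are simplified stand-ins whose behaviour is assumed, the `$filter` and `logid` conditions are left out, and `drilldown`, `top_dest` and `top_users` are hypothetical names.

```python
from collections import defaultdict

# Constructed sample traffic records (not real logs); field names follow the query.
LOGS = [
    {"hostname": "www.example.com", "dstip": "203.0.113.10", "user": "alice",
     "unauthuser": None, "srcip": "10.0.0.5", "sentbyte": 500, "rcvdbyte": 4000},
    {"hostname": "cdn.example.com", "dstip": "203.0.113.11", "user": "N/A",
     "unauthuser": "bob", "srcip": "10.0.0.6", "sentbyte": 100, "rcvdbyte": 900},
    {"hostname": None, "dstip": "198.51.100.7", "user": None,
     "unauthuser": None, "srcip": "10.0.0.9", "sentbyte": 200, "rcvdbyte": 300},
    {"hostname": "example.com", "dstip": "203.0.113.10", "user": "alice",
     "unauthuser": None, "srcip": "10.0.0.5", "sentbyte": None, "rcvdbyte": 250},
    {"hostname": "portal.example.org", "dstip": "192.0.2.20", "user": "carol",
     "unauthuser": None, "srcip": "10.0.0.8", "sentbyte": 3000, "rcvdbyte": 100},
    {"hostname": "portal.example.org", "dstip": "192.0.2.20", "user": "N/A",
     "unauthuser": None, "srcip": "10.0.0.7", "sentbyte": 50, "rcvdbyte": 50},
]

def nullifna(value):
    """Assumed behaviour of nullifna(): empty or 'N/A' values become NULL."""
    return None if value in (None, "", "N/A", "n/a") else value

def coalesce(*values):
    """First non-NULL argument, as in SQL coalesce()."""
    return next((v for v in values if v is not None), None)

def root_domain(hostname):
    """Simplified stand-in: last two DNS labels (ignores suffixes like co.uk)."""
    return ".".join(hostname.lower().split(".")[-2:]) if hostname else None

def drilldown(logs, top_dest=10, top_users=5):
    """Rank destinations by total bandwidth, keep top_users rows under each."""
    per_dest = defaultdict(lambda: defaultdict(int))
    for r in logs:
        dest = coalesce(root_domain(r.get("hostname")), r.get("dstip"))
        # Same fallback chain as the query: user, then unauthuser, then source IP.
        who = coalesce(nullifna(r.get("user")), nullifna(r.get("unauthuser")),
                       r.get("srcip"))
        per_dest[dest][who] += (r.get("sentbyte") or 0) + (r.get("rcvdbyte") or 0)
    ranked = sorted(per_dest.items(), key=lambda kv: (-sum(kv[1].values()), kv[0]))
    return [(dest, sum(users.values()),
             sorted(users.items(), key=lambda kv: (-kv[1], kv[0]))[:top_users])
            for dest, users in ranked[:top_dest]]

if __name__ == "__main__":
    for dest, total, users in drilldown(LOGS, top_dest=2, top_users=5):
        print(dest, total, users)
```

Rows whose `user` is missing or `N/A` are attributed to `unauthuser` or the source IP, so a destination can list IP addresses alongside usernames in the same column.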
Copyright 2024 Fortinet, Inc. All Rights Reserved.