Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
mario_thenetworkguy
New Contributor

Created on ‎06-13-2025 10:15 AM

FortiAnalyzer Custom Report

Hello,

 

I am having an issue when generating a custom report on FortiAnalyzer.

I have created a custom dataset, added it to a chart and when I run it from here with real data, the table is showing successfully with data.

The issue is when I need to add this chart into a report and run it, I always get in the pdf report No matching log data for this report but when I run it directly from the chart tab it is working.

Below is the dataset created, appreciate your help why in the report it is not working


SELECT
srcip,
dstip,
action,
policyid,
user,
$calendar_time(itime) AS "time_stamp"
FROM $log
WHERE $filter
AND type = 'traffic'
AND subtype = 'forward'
AND policyid = 120
AND `group` = 'users'
ORDER BY eventtime DESCchart.pngReport.png

 

Labels:
570
0 Kudos
7 REPLIES 7
funkylicious
SuperUser
SuperUser

Created on ‎06-13-2025 10:38 AM

hi,

in the report settings, are you defining the correct period of time and also selecting the correct device to run the sql select on logs ?

"jack of all trades, master of none"
"jack of all trades, master of none"
557
0 Kudos
mario_thenetworkguy
New Contributor
In response to funkylicious

Created on ‎06-13-2025 10:43 AM

Hello,

Thanks for ur reply, yes I have specified yesterday same as when I run it on the chart, and the device is selected to all (I only have one FGT connected to Analyzer)report config.png

553
0 Kudos
funkylicious
SuperUser
SuperUser
In response to mario_thenetworkguy

Created on ‎06-13-2025 10:45 AM Edited on ‎06-13-2025 10:49 AM

ok, then it's really strange.

i created a really quick report / chart / dataset with the following select and worked just fine.

 

SELECT
srcip,
dstip,
action,
policyid,
user,
$calendar_time(itime) AS "time_stamp"
FROM $log
WHERE $filter
AND type = 'traffic'
AND subtype = 'forward'
ORDER BY eventtime DESC

 

L.E. maybe you have some kind of filter under the report settings. also, although you have only a FGT in the ADOM try selecting it.

"jack of all trades, master of none"
"jack of all trades, master of none"
550
0 Kudos
mario_thenetworkguy
New Contributor
In response to funkylicious

Created on ‎06-13-2025 11:00 AM

May I ask which FortiAnalyzer version you have ? I might now think as it is a bug or something; I don't have any filter added into the report setting and I tried selecting the device manually and same thing.

536
0 Kudos
funkylicious
SuperUser
SuperUser
In response to mario_thenetworkguy

Created on ‎06-13-2025 11:12 AM

FAZ v7.2.9

"jack of all trades, master of none"
"jack of all trades, master of none"
526
0 Kudos
mario_thenetworkguy
New Contributor
In response to funkylicious

Created on ‎06-13-2025 11:17 AM

Mine is on 7.6.2

518
0 Kudos
filiaks1
Contributor II

Created on ‎06-30-2025 07:36 AM Edited on ‎06-30-2025 07:37 AM

Strange ::ffff in the report for source/destination ip seems to match 839350 (Resolved Issues | FortiAnalyzer 7.2.2 | Fortinet Document Library ) . It should be resolved for the logs but maybe for the reports it is in 7.6.x as @mario_thenetworkguy  mentioned that his version is ok.

285
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.