Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kimeeeed
New Contributor

Created on ‎10-26-2024 05:21 AM

FortiAnalyzer dataset query questions

Hi, I'm using fortianlyzer and have a question during dataset creation for report output.

I wrote the query below to create a forticlient uuid for the logged-in vpn user and it works fine.
Below is an example of a table made of query statements and queries.

 

- select user, fctuid from $log where $filter and ( ( ( lower(logid) = lower('0107045124'))))

abf1b07a-11dc-4dc6-9e6a-487dc839f207.png

 

Here, the user name is different, and I want to put a condition so that only the same line with the fctuid value is output, but it doesn't work well 

 

GROUP BY fctuid
HAVING COUNT (DISTINCT user) > 1 I tried adding this section but it doesn't work well.

Labels:
335
0 Kudos
1 Solution
kimeeeed
New Contributor

Created on ‎11-07-2024 11:52 PM

hello, @Anthony_E 

 

I solved this problem with a sub query. Please refer to the query below

 

SELECT
from_itime(itime) AS itime,
`user`,
`fctuid`
FROM
$log
WHERE
$filter
AND (((lower(logid) = lower('0107045124'))))
AND `fctuid` IN (
SELECT `fctuid`
FROM $log
WHERE $filter
AND (((lower(logid) = lower('0107045124'))))
GROUP BY `fctuid`
HAVING COUNT(DISTINCT `user`) > 1
)
ORDER BY
`id`,
`itime`

View solution in original post

161
5 REPLIES 5
Anthony_E
Community Manager
Community Manager

Created on ‎10-28-2024 10:21 PM

Hello,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
266
0 Kudos
Anthony_E
Community Manager
Community Manager

Created on ‎11-04-2024 05:51 AM

Hello,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Anthony-Fortinet Community Team.
197
0 Kudos
Anthony_E
Community Manager
Community Manager

Created on ‎11-07-2024 11:13 PM

Hi @vraev,

 

Could you please have a look?

Anthony-Fortinet Community Team.
167
0 Kudos
kimeeeed
New Contributor

Created on ‎11-07-2024 11:52 PM

hello, @Anthony_E 

 

I solved this problem with a sub query. Please refer to the query below

 

SELECT
from_itime(itime) AS itime,
`user`,
`fctuid`
FROM
$log
WHERE
$filter
AND (((lower(logid) = lower('0107045124'))))
AND `fctuid` IN (
SELECT `fctuid`
FROM $log
WHERE $filter
AND (((lower(logid) = lower('0107045124'))))
GROUP BY `fctuid`
HAVING COUNT(DISTINCT `user`) > 1
)
ORDER BY
`id`,
`itime`

162
Anthony_E
Community Manager
Community Manager

Created on ‎11-07-2024 11:55 PM

Hello,

 

Thanks a lot for sharing it with us!!

 

Regards,

Anthony-Fortinet Community Team.
156
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.