phill_brown
New Contributor

FortiAnalyzer - help needed with custom report

Hi,

 

I am hoping someone can help me out in setting up a custom report, I am struggling to get the right data out.

 

I am not after anything too complex, simply a report to show:

  • the top 20 URLs/IPs accessed (by sessions) for a specified category over the past 24 hours.
  • I'd hopefully like to be able to define the category prior to running the report, rather than it being hard-coded in the report.

    Now, there are default reports showing similar information (such as showing top categories by sessions, just not top sessions per category) so I know this should be possible but being quite new to the Analyser I am not quite sure how!

     

    Thanks in advance,

     

    Phill

    brazz_FTNT
    Staff

    Hello, 

     

    How about the dataset below?

     

     

    SELECT coalesce(nullifna(`user`), nullifna(`unauthuser`), ipstr(`srcip`)) AS "Source", appcat AS "Application", hostname AS "Host", count(*) AS "Sessions"
    FROM $log
    WHERE $filter AND nullifna(appcat) is not null AND nullifna(hostname) is not null
    GROUP BY "Application" , "Source", "Host"
    ORDER BY "Sessions" desc
    LIMIT 20

     


     

     

     

     

    Let me know if this works for you. 

     

    Cheers

    phill_brown

    Thanks for the update, apologies for the delay in responding.

     

    I have configured the dataset as above; however, I am unsure how to apply this to a report! As mentioned, I'm new to the Analyser and there doesn't appear to be a great deal of documentation online about setting up these reports and utilising datasets.

     

    brazz_FTNT
    Staff

    Hello, 

     

     

  • If you are using pre-defined reports, all is done; you just need to run your report.
  • If you would like to create the above dataset, once it is created, you must insert the chart into your report.

     

    Since you are new to the Fortinet world, I would strongly suggest you review the FortiAnalyzer Administration Guide, section Reports, from page 93: https://docs.fortinet.com/uploaded/files/4592/FortiAnalyzer-6.0.2-Administration-Guide.pdf

     

    I have also attached a very brief graph for you. 

     

    Rate my post if you find it helpful.

    *** This is just a very general overview. If you need more explanation you can either create a ticket with Fortinet support or take the NSE5 courses (FAZ section).

     

    Cheers

     

     

     

     

     

     
