Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
phill_brown
New Contributor

Created on ‎10-05-2018 07:05 AM

FortiAnalyzer - help needed with custom report

Hi,

 

I am hoping someone can help me out in setting up a custom report, I am struggling to get the right data out.

 

I am not after anything too complex, simply a report to show:

[ul]
  • the top 20 URLs/IPs accessed (by sessions) for a specified category over the past 24 hours.
  • I'd hopefully like to be able to define the category prior to running the report, rather than it being hard-coded in the report.[/ul]

    Now, there are default reports showing similar information (such as showing top categories by sessions, just not top sessions per category) so I know this should be possible but being quite new to the Analyser I am not quite sure how!

     

    Thanks in advance,

     

    Phill

    • Labels:
    4145
    0 Kudos
    3 REPLIES 3
    brazz_FTNT
    Staff
    Staff

    Created on ‎10-08-2018 08:29 AM

    Hello, 

     

    How about below dataset ?

     

    

     
    

    SELECT coalesce(nullifna(`user`), nullifna(`unauthuser`), ipstr(`srcip`)) AS "Source", appcat AS "Application", hostname AS "Host", count(*) AS "Sessions" 
    FROM $log 
    WHERE $filter AND nullifna(appcat) is not null AND nullifna(hostname) is not null
    GROUP BY "Application" , "Source", "Host"
    ORDER BY "Sessions" desc
    LIMIT 20
    

     
    


     
     
     
     
    Let me know if this works for you. 
     
    Cheers
    
					
				
			
			
				
			
			
				
			
			
			
			
			
			
		
    
		
		
	

	
	

    
	
				
		
			
		
			
					
		
	
				
		
			
					
			
		
				
		
			
		
			
					
				
		
	
	

    
		
    
	
    
		
    
			
		
    
			
		
    
	
    
		
    
			
    
	
		
			
    
  1786

    
		
			
					
    
	
			
    
				
		
			
		
			
				
    
					
						
	
			0
		

	Kudos

					
				
    
			
			
		

	
		
    	
		
    
			
				
					
				
				
			
		
    
	
    
			
    
		

	

	

	

    

	

	

    
				
		
			
					
				
		
	
	

    
		
    
			
    
	
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
				
		
			
		
			
		
			
		
	
	

    
		
    
	
    
		
    
			
    
	
		
			
					
				
		
			
					
				
		
			
					
		
	
				
		
			
					
		
	
				
		
	
	

    
		
    
	
    

    
		
    
	

	

	



    
			
		
    
            
    
                
    
            
    
        

	
		
    
		
	

	

	
    

    
		
			
    
	
    
		
	

	

		
	
		
    
			
    
	 
	 
	
	

	

	

	
		
    
			
    
			
	

	

		
    

	

	
		
    
			
			
    
	
    
		
    
			
    
	
		
			
					
    
	
			
					phill_brown
					
				
		

    
				
		
	
	

	
		
    
			
		
			
	

	
			
				
		
		
			
		
		
		
		
		
		
		
		
	
			
		

		
			
					
		
    
			New Contributor
		
    
	
				
		
			
					
    
	
		In response to brazz_FTNT
	
	

    
				
		
	
		
    
	
	

	
		
			
					
		
    
			Created on 
    

	
		
		
		‎10-16-2018
	
		
		05:36 AM
	
	

	
	
	
	
	
	
	
	
	
	
	
	
 
		
    
	
				
		
	
	

    
		
    
			
    
	
		
			
		
	
	

    
		
    
	
    
		
    
			
    
	
		
			
    
		
    

	

	
		
		
    
			
				
					
					
				
			
		
    
	
		
	

	

	

	

	

	

	

	
			
					
				
		

	

    
	
    
		
			
					
		
    
	
		
    
			
				
					
					
						
    Thanks for the update, apologies for the delay in responding.
     
    I have configured the dataset as above however I am unsure how to apply this to a report! As mentioned, I'm new to the Analyser and there doesn't appear to be a great deal of documentation online about setting up these reports and utilising datasets.
     
    
					
				
			
			
				
			
			
				
			
			
			
			
			
			
		
    
		
		
	

	
	

    
	
				
		
			 
 
    

		
			
					
		
	
				
		
			
					
			
		
				
		
			
		
			
					
				
		
	
	

    
		
    
	
    
		
    
			
		
    
			
		
    
	
    
		
    
			
    
	
		
			
    
  1795

    
		
			
					
    
	
			
    
				
		
			
		
			
				
    
					
						
	
			0
		

	Kudos

					
				
    
			
			
		

	
		
    	
		
    
			
				
					
				
				
			
		
    
	
    
			
    
		

	

	

	

    

	

	

    
				
		
			
					
				
		
	
	

    
		
    
			
    
	
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
				
		
			
		
			
		
			
		
	
	

    
		
    
	
    
		
    
			
    
	
		
			
					
				
		
			
					
				
		
			
					
		
	
				
		
			
					
		
	
				
		
	
	

    
		
    
	
    

    
		
    
	

	

	



    
			
		
    
            
    
                
    
            
    
        

	
		
    
		
	

	

	
    

    
		
			
    
	
    
		
	

	

		
	
		
    
			
    
	 
	 
	
	

	

	

	
		
    
			
    
			
	

	

		
    

	

	
		
    
			
			
    
	
    
		
    
			
    
	
		
			
					
    
	
			
					brazz_FTNT
					
				
		

    
				
		
	
	

	
		
    
			
		
			
	

	
			
				
		
		
			
		
		
		Staff
		
		
		
		
		
	
			
		

		
			
					
		
    
			Staff
		
    
	
				
		
			
					
    
	
		
	
	

    
				
		
	
		
    
	
	

	
		
			
					
		
    
			Created on 
    

	
		
		
		‎10-20-2018
	
		
		01:21 PM
	
	

	
	
	
	
	
	
	
	
	
	
	
	
 
		
    
	
				
		
	
	

    
		
    
			
    
	
		
			
		
	
	

    
		
    
	
    
		
    
			
    
	
		
			
    
		
    

	

	
		
		
    
			
				
					
					
				
			
		
    
	
		
	

	

	

	

	

	

	

	
			
					
				
		

	

    
	
    
		
			
					
		
    
	
		
    
			
				
					
					
						
    Hello, 
     
     
    [ul]
  • If you are are using pre-defined reports , all is done you just need to run your report. 
  • If you would like to create above data-set, once is created, you must insert the chart into your report. [/ul]
     
    Since you are new to the Fortinet's world , I would strongly suggest you review [link=https://docs.fortinet.com/uploaded/files/4592/FortiAnalyzer-6.0.2-Administration-Guide.pdf]FortiAnalyzer Administration Guide -section  Reports from page 93[/link]  . 
     
    I have also attached a very brief graph for you. 
     
    Rate my post if you find it helpful .
    *** This is just a very general overview. If you need more explanation you can either create a ticket with Fortinet support or take the NSE5 courses (FAZ section) 
     
    Cheers
     
     
     
     
      
     
    • 
					
				
			
			
				
			
			
				
			
			
			
			
			
			
		
    
		
		
	

	
	

    
	
				
		
			
		
			
					
		
	
				
		
			
					
			
    
	
		
    
			
					
    
						
								
							
					
    
					
						
							
    
								
									
										
                                         
                                         
										
											
		
			
    
				Preview file
			
    
		
		
    
			34 KB
		
    
	
										
										
									
									
								
							
    
							
								
    
									
							    
    
							
							
						
						
					
				
			
				
			
		
    
	
	

    
		
				
		
			
		
			
					
				
		
	
	

    
		
    
	
    
		
    
			
		
    
			
		
    
	
    
		
    
			
    
	
		
			
    
  1786

    
		
			
					
    
	
			
    
				
		
			
		
			
				
    
					
						
	
			0
		

	Kudos

					
				
    
			
			
		

	
		
    	
		
    
			
				
					
				
				
			
		
    
	
    
			
    
		

	

	

	

    

	

	

    
				
		
			
					
				
		
	
	

    
		
    
			
    
	
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
		
	
				
		
			
					
				
		
			
		
			
		
			
		
	
	

    
		
    
	
    
		
    
			
    
	
		
			
					
				
		
			
					
				
		
			
					
		
	
				
		
			
					
		
	
				
		
	
	

    
		
    
	
    

    
		
    
	

	

	



    
			
		
    
            
    
                
    
            
    
        

	
		
    
		
	

	

	
    

    
		
		
	
    

	

	

    


			
				
    

	
			
				
    
					
						
    
							
		
    
			
    
	
			
				
					
				
				
			
		

    
		
    
	
							
    
								
								
							
    
							
    
								
    
	
									
								

    
							
    
						
    
					
				
    
			
		
	

    
			
		

	

	

				
		
		
			
		
	
	

    
		
    
			
    
	
		
			
     
    Announcements
    
	
    	

    Select Forum Responses to become Knowledge Articles!
    

    Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
    
        
    

     
    
		
			
		
			
     
    Labels
    
	
	
	
    
		
			
    
	
    
		
     
    
		
    
			
    
				
					
    
						
    
							
								
        
	
							
						
    
					
    
				
				
    
					
    
						
		
				
    
					
    
	
	

    
				
    
			
	
					
    
				
    
			
    
		
    
		
     
    
	
    

    
			
		
	
    

     
    
		
			
     
    Top Kudoed Authors
    

	

	

	

	
		
    
	 
	
	
	

    
	
	
    View all
    


     
    
		
	
	

    
		
    
	
    
		
    
			
		
    
	
    
		
    
			
    
	
		
			
    
	
    
		
    
			
    
	
		
			
		
	
	

    
		
    
	
    
		
    
			
    
	
		
			
     
     
     
      
     Broad. Integrated. Automated. 
    The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
     
     
     Social Media  
     
     
     Security Research  
     
     Company  
     
     
     News & Articles  
     
     Contact Us  
     
     
     
    

    
		
    
			
    Copyright  2024 Fortinet, Inc. All Rights Reserved.