
FortiAnalyzer custom report filter - same log field with more values

Dear All,


In FortiAnalyzer I created a simple custom report. I need to filter this report by several source IPs, but the filter section doesn't allow using the same "log field" more than once.

How can I create a filter that uses a bunch of IP addresses?


Thank you very much



To filter for multiple source IP addresses, you can use the Fortianalyzer filter and select the "Address" filter type. This way you can add multiple IP addresses and filter for them at the same time.

Follow these steps to create the filter:

1. Open the report in FortiAnalyzer.
2. Click on "Filter".
3. Select "Address" as the filter type.
4. Click the "Add" button.
5. Enter the IP addresses you want to filter by.
6. Click "Apply" to apply the filter.

You can also create a custom filter that provides the same functionality. Here is an example of a custom filter to filter by multiple IP addresses:

This filter will search for all protocols with a source IP address between and

Hope this helps!


Thank you for the reply!
Your suggestion doesn't seem to work; the report shows all IPs that come from my dataset. (I also tried separating the IPs with commas and with spaces.)
I created a custom report in FortiAnalyzer, then went to edit report > settings > filter section. In this filter section I would like to give more srcip values.

The other problem is that the IPs are not in a continuous range; they are individual /32 addresses.
I also tried giving a ('ip1','ip2'..) list in the dataset, but it doesn't work either. :(
Dataset query:
SELECT srcip, dstip, dstport
FROM $log
WHERE $filter AND srcip in ('ip1','ip2','ip3','ip4')
GROUP BY srcip, dstip, dstport
ORDER BY srcip, dstip
LIMIT 10000
Do you think it is good?
Thank you


Any suggestions, please?


The SQL query works at last. That was my fault: in the chart there was a top 10 limitation. (I also changed srcip to ipstr(srcip) in the WHERE clause.)
The original question still remains: how can I filter on multiple individual IP addresses in the filter section of the report settings?


Thank you




Try this syntax:



$filter AND ipstr(`srcip`) IN ('','')
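
The dataset approach that worked in this thread, as an added example (not code from any poster or from Fortinet): a Python helper that validates each individual IPv4 address and builds the `IN` list, so a quoting slip or a stray range cannot end up in the dataset query. The function names and sample addresses are constructed; the query skeleton, `$log`, `$filter` and `ipstr()` come from the posts above.

```python
import ipaddress

# Query skeleton taken from the thread. $log and $filter are FortiAnalyzer
# dataset macros and are passed through untouched.
TEMPLATE = (
    "SELECT srcip, dstip, dstport\n"
    "FROM $log\n"
    "WHERE $filter AND ipstr(`srcip`) IN ({ips})\n"
    "GROUP BY srcip, dstip, dstport\n"
    "ORDER BY srcip, dstip\n"
    "LIMIT {limit}"
)


def build_in_list(addresses):
    """Return a quoted, comma-separated list of validated IPv4 host addresses."""
    seen, quoted = set(), []
    for raw in addresses:
        text = raw.strip()
        if not text:
            continue
        # IPv4Address() raises ValueError for CIDR blocks, ranges, hostnames
        # and anything carrying stray quote characters.
        canon = str(ipaddress.IPv4Address(text))
        if canon not in seen:  # drop duplicates, keep first-seen order
            seen.add(canon)
            quoted.append(f"'{canon}'")
    if not quoted:
        raise ValueError("no addresses supplied")
    return ", ".join(quoted)


def build_dataset_query(addresses, limit=10000):
    """Fill the thread's dataset query with the validated address list."""
    return TEMPLATE.format(ips=build_in_list(addresses), limit=int(limit))


# Constructed sample input (RFC 5737 documentation addresses, one duplicate).
SAMPLE = ["192.0.2.10", " 198.51.100.7", "203.0.113.25", "192.0.2.10"]

if __name__ == "__main__":
    print(build_dataset_query(SAMPLE))
```

The chart's own row limit (the top 10 setting mentioned above) is set separately from the dataset's `LIMIT` and still has to be raised in the chart.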


