To filter for multiple source IP addresses, you can use the FortiAnalyzer filter and select the "Address" filter type. This way you can add multiple IP addresses and filter for them at the same time.
Follow these steps to create the filter:
1. Open the report in FortiAnalyzer.
2. Click on "Filter".
3. Select "Address" as the filter type.
4. Click the "Add" button.
5. Enter the IP addresses you want to filter by.
6. Click "Apply" to apply the filter.

You can also create a custom filter that provides the same functionality. Here is an example of a custom filter to filter by multiple IP addresses:

srcip=192.168.1.1-192.168.1.10

This filter will search for all protocols with a source IP address between 192.168.1.1 and 192.168.1.10.
Thank you for the reply! Your suggestion doesn't seem to work; the report shows all IPs that come from my dataset. (I also tried separating the IPs with commas and spaces.) I created a custom report in FortiAnalyzer, then edit report > settings > filter section. In this filter section I would like to give more srcip-s.

The other problem is that the IPs are not in a continuous range; they are individual /32 addresses. I tried to give a ('ip1','ip2'..) list in the dataset also, but it also doesn't work. :(

Dataset query:

SELECT srcip, dstip, dstport
FROM $log
WHERE $filter AND srcip in ('ip1','ip2','ip3','ip4')
GROUP BY srcip, dstip, dstport
ORDER BY srcip, dstip
LIMIT 10000

Do you think it is good? Thank you
The SQL query works at last. That was my fault: in the chart there was a top 10 limitation. (Also, change srcip to ipstr(srcip) in the WHERE clause.) The original question still remains: how can I filter more individual IP addresses in the filter section of the report settings?
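An added example, not part of the thread or of Fortinet's documentation: one way to generate the dataset query from the posts above with the `ipstr(srcip)` change applied, validating each entry as a single IPv4 host address so that ranges or unbalanced quotes never reach the IN list. The function name `build_dataset_query` is hypothetical and the addresses are constructed sample values from documentation ranges.

```python
import ipaddress


def build_dataset_query(addresses, limit=10000):
    """Build the thread's dataset query with a validated list of /32 source IPs."""
    unique = []
    for raw in addresses:
        # IPv4Address() raises ValueError for anything that is not one host
        # address: CIDR blocks, ranges, or entries with stray quote characters.
        ip = str(ipaddress.IPv4Address(raw.strip()))
        if ip not in unique:  # drop duplicates, keep the given order
            unique.append(ip)
    if not unique:
        raise ValueError("at least one source IP is required")

    # Every value is quoted the same way, so the IN list is always balanced.
    in_list = ", ".join(f"'{ip}'" for ip in unique)
    return (
        "SELECT srcip, dstip, dstport FROM $log "
        f"WHERE $filter AND ipstr(srcip) IN ({in_list}) "
        "GROUP BY srcip, dstip, dstport "
        "ORDER BY srcip, dstip "
        f"LIMIT {int(limit)}"
    )


if __name__ == "__main__":
    # Constructed sample addresses (documentation ranges), not from the thread.
    print(build_dataset_query(["192.0.2.10", "198.51.100.7", "203.0.113.25"]))
```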