Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Bill_K
New Contributor

Created on ‎10-01-2015 09:19 AM

Report for Specific User and Destination IP Range

I'm using the following dataset and when I run the report with a filter for 'User', it will not select a single user for the date range, it returns all users who have accessed the DSTIP range:

 

[style="background-color: #ffff00;"]select   dstip,[/style] [style="background-color: #ffff00;"] `user`, srcip, [/style] [style="background-color: #ffff00;"]sum(coalesce(sentbyte,0)+coalesce(rcvdbyte,0)) AS Bandwidth, [/style] [style="background-color: #ffff00;"]sum($browse_time) as browsetime,[/style] [style="background-color: #ffff00;"]from_itime(itime) as date_time[/style] [style="background-color: #ffff00;"]from $log [/style] [style="background-color: #ffff00;"]where[/style] [style="background-color: #ffff00;"]dstip between '198.45.48.0' and '198.45.63.255'[/style] [style="background-color: #ffff00;"]group by `user`, date_time, dstip, srcip, hostname[/style] [style="background-color: #ffff00;"]order by user asc, date_time asc[/style]

 

Can anyone help me fix this so I can select a single user.

 

Thanks

 

 

10486
0 Kudos
6 REPLIES 6
hzhao_FTNT
Staff
Staff

Created on ‎10-01-2015 10:47 AM

Hi there, if you know the user name, please apply a user filter in Report->Advanced Settings->Add Filter. BTW, if you group by itime, you won't see aggreted bandwidth/browsetime during report period, suggest to remove it or use macro like $DAY_OF_MONTH, $DAY_OF_WEEK, $HOUR_OF_DAY... Please also add $filter into your dataset, report filter won't work without it.

 

Regards,

hz

3304
0 Kudos
Bill_K
New Contributor
In response to hzhao_FTNT

Created on ‎10-02-2015 09:51 AM

HZ:  I used the "User" filter in Advanced settings and it did not work.  NOTE:  I've used the "User" filter for other reports and it worked appropriately.  My thought is that the DSTIP range is overriding the filter applied under Advanced Settings.

 

Appreciate any help you can provide

Bill

3304
0 Kudos
hzhao_FTNT
Staff
Staff
In response to Bill_K

Created on ‎10-02-2015 10:20 AM

Hi Bill,

 

I have tested below dataset with "user" filter applied, it looks OK to me. Both user and dstip filter can be applied

select `user` as usr, srcip, dstip, sum(coalesce(sentbyte,0)+coalesce(rcvdbyte,0)) AS Bandwidth, sum($browse_time) as browsetime from $log where $filter and dstip between '198.45.48.0' and '198.45.63.255' group by usr, dstip, srcip order by usr asc

 

Regards,

hz

3304
0 Kudos
Bill_K
New Contributor
In response to hzhao_FTNT

Created on ‎10-02-2015 10:38 AM

That worked perfectly - Thanks!!!

3304
0 Kudos
Ronildo
New Contributor
In response to Bill_K

Created on ‎06-29-2016 03:06 PM

Perfec Thank you ;)

3304
0 Kudos
Alby23
Contributor II

Created on ‎07-12-2016 07:28 AM

You need to add the $filter to the where clause.

 

Just like this.

 

[<font]select   dstip, [<font] `user`, srcip, [<font]sum(coalesce(sentbyte,0)+coalesce(rcvdbyte,0)) AS Bandwidth, [<font]sum($browse_time) as browsetime, [<font]from_itime(itime) as date_time [<font]from $log [<font]where $filter and [<font]dstip between '198.45.48.0' and '198.45.63.255' [<font]group by `user`, date_time, dstip, srcip, hostname [<font]order by user asc, date_time asc

3304
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.