select *
Why does the formula that allows getting column names from the log:
select * from $log ....
not work?
Labels: FortiAnalyzer
Hello @psniech ,
Can you explain the issue in a few more words?
You are trying to write datasets on FortiAnalyzer, right? If you say yes, can you share all SQL queries with us?
NSE 4-5-6-7 OT Sec - ENT FW
Sorry, it was a problem with the browser. Now it is displaying column names properly. Problem solved.
Hi,
I was wrong. According to the training materials, the formula:
select * from $log
should display column names from the relevant log, but as I can see it gives a syntax error:
"Merge: please use specific columns instead of '*'
Hello @psniech ,
If you move the mouse cursor to the "from $log" field, you can see the fields in the relevant database.
NSE 4-5-6-7 OT Sec - ENT FW
Hi,
I know that it works like you mentioned. But before it was also possible to use the formula: select * from $log and it worked. I have such a formula in the current version of the training materials for the FortiAnalyzer Analyst training; that's why I have posted this question.
Hi @psniech ,
I know I also used that SQL query before on the previous version of FortiAnalyzer.
I think they forgot to update the training document.
Actually, I understand why they removed this SQL query. When you ran that query, FortiAnalyzer was fetching all logs from the log database. This actually means that it puts a load on the device. They have brought this convenience so that this query does not have to be run continuously.
NSE 4-5-6-7 OT Sec - ENT FW
In addition, as you can see, these screens are from the oldest version of FortiAnalyzer.
Because of that, they need to update training documents. :)
NSE 4-5-6-7 OT Sec - ENT FW