Why does the formula that allows you to get column names from the log:
select * from $log ....
not work?
Hello @psniech ,
Can you explain the issue in a few more words?
You are trying to write datasets on FortiAnalyzer, right? If so, can you share all SQL queries with us?
Sorry, it was a problem with the browser. Now it is displaying column names properly. Problem solved.
Hi,
I was wrong. According to the training materials, the formula:
select * from $log
should display column names from the relevant log, but as I can see it gives a syntax error:
"Merge: please use specific columns instead of '*'"
Hello @psniech ,
If you move the mouse cursor to the "from $log" field, you can see the fields in the relevant database.
Hi,
I know that it works like you mentioned. But before, it was also possible to use the formula: select * from $log and it worked. I have such a formula in the current version of the training materials for the FortiAnalyzer Analyst training; that's why I posted this question.
Hi @psniech ,
I know I also used that SQL query before on the previous version of FortiAnalyzer.
I think they forgot to update the training document.
Actually, I understand why they removed this SQL query: when you ran that query, FortiAnalyzer was fetching all logs from the log database. This actually means that it puts a load on the device. They have brought this convenience so that this query does not have to be run continuously.
In addition, as you can see, these screens are from the oldest version of FortiAnalyzer.
Because of that, they need to update training documents. :)