I have the same problem with fortianalyzer vm v.6.0.3. When I create a report, it only shows me the last x days.
I am not sure if this is a problem with "disk quota" since I can filter all the expected logs in FortiView/Log View to what extent I want.
I also ran the query manually but the same problem still persisted:
select coalesce(nullifna(`user`), nullifna(`unauthuser`), ipstr(`srcip`)) as user_src, sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0)) as bandwidth, sum(coalesce(rcvdbyte, 0)) as traffic_in, sum(coalesce(sentbyte, 0)) as traffic_out, count(*) as sessions from $log where $filter and (logflag&1>0) and ( ( lower(`app`) = lower('YouTube')) AND (`srcip` <<= inet('X.Y.Z.0/24'))) group by user_src having sum(coalesce(sentbyte, 0)+coalesce(rcvdbyte, 0))>0 order by bandwidth desc
Do "Datasets" queries default to some value and once it hits x# of records, they terminate the queries?
We are using approx. 80 ADOMS. We sometimes had a problem mainly with the webfilter log that no result was generated or only for some days but only under some ADOM. When I backed up the logs for the specific ADOM to FTP and uploaded them back the report was OK.
Probably corrupted database? (version was 5.0.10)
Now we are on 5.2.7 (1 month) and it is OK. We will see.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.