FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
tsimeonov_FTNT
Article Id 198371
Description
This article describes the built in Time and Date macros in FortiAnalyzer.

Solution
Macros can be used on the FortiAnalyzer to fine tune report output.  Below is a list of macros which manipulate date and time formatting:

Macros
Description

Example




$hour_of_day
displays hour in 24 hrs format

18:00





$HOUR_OF_DAY
displays date (YYYY-MM-DD) and hour in 24 hrs format

2018-01-13 18:00





$day_of_week
displays number and name of the day of the week  (WDAY 2-Mon)

Mon





$day_of_month
displays day of the month in two digits format 01-12

01





$DAY_OF_MONTH
displays month in format YYYY-MM-DD

2018-01-01





$week_of_year
displays year and week of of the year

2018 Week-10





$month_of_year
displays month in format YYYY-MM

2018-12





$calendar_time
displays date and time in format YYYY-MM-DD HH:MM:SS, same as output from fuction from_itime(itime)

2018-01-13 18:36:06





$flex_timescale
Time scale changes according to the report time period:
time period > 28 days                             
time period > 12 hours and <= 28 days    
time period > 4 hours and <= 12 hours    
time period > 1 hour                                 
<= hour

display day: 2018-02-25
display hour: 2018-02-25 14:00
display 30 min granularity: 2018-02-25 14:30
display 5 min granularity: 2018-02-25 14:40
display 1 min granularity: 2018-02-25 14:42






These macros have different output format in report and dataset tests. The table represents the report output format.


Contributors