FortiAnalyzer
FortiAnalyzer can receive logs and Windows host events directly from endpoints connected to EMS, and you can use FortiAnalyzer to analyze the logs and run reports.
mantaransingh_FTNT
Article Id 197511
Purpose
Due to a known issue, logversion field is not inserted in the logs
There are some reports which depend on these field causing them come out blank.

Expectations, Requirements
For version 6.2.5.

Configuration
Workaorund.

- Remove the logversion filter from the Datasets 'and (eventtype is null or logver>=502000000)'

With below example, lets see how to modify a dataset and chart and how to add that in the report.

For example lets take the chart - 'Top Most Active Users'

1) Go to Report -> Layout, select the chart and select 'Clone'.

With this, the chart and dataset name are known.
Clone it is not necessary. Just select 'cancel/Return'.


2) Once the chart and dataset name known ,Clone that dataset and remove the logversion filter.

 

Default Dataset.

New Dataset.

 

- Save the new Dataset

3) Similarly under Report -> Chart, clone the chart and select the new Dataset there, and select 'Save/Ok'.

 

4) In the actual report go to Layout, select  the Chart to get chart properties. Select the new chart.


Select 'OK' and apply in the layout.

- Similar way other charts can be modified.


Contributors