SIEM & UEBA


FortiSIEM round values

  • 1.  FortiSIEM round values

    Posted Sep 16, 2022 11:20 AM
    I am looking for something similar to Azure KQL's Bin function. As in the example below, an average counter is calculated every 5 mins:
    https://squaredup.com/blog/aggregating-and-visualizing-data-with-kusto/

    We want to see connection/bytes of data transferred every day in the last 7 days from some specific sources.

    For example, I can get SUM(Total Bytes4) for a day or even 7 days, but not in the form of every day for the last 7 days.


    Thanks


  • 2.  RE: FortiSIEM round values

    GROUP ADMIN
    Posted Sep 16, 2022 11:30 AM
    What if you added a group by on the Event Receive Date? Does that help?

    ------------------------------
    Daniel
    FortiSIEM Product Manager
    ------------------------------



  • 3.  RE: FortiSIEM round values

    Posted Sep 18, 2022 04:01 PM
    Try adding

    DayOfWeek( Event Receive Time )

    to the group by condition.


  • 4.  RE: FortiSIEM round values

    Posted Sep 20, 2022 08:26 AM
    Thank you, Chris and Daniel. That seems to do the trick, but it needs more refinement.
    Now I see the results for multiple IPs on the same day. How can I get only the top 1 or top 3 results for each day, instead of so many?


  • 5.  RE: FortiSIEM round values

    GROUP ADMIN
    Posted Sep 21, 2022 09:46 AM
    It is not currently possible to limit on a group.

    ------------------------------
    Daniel
    FortiSIEM Product Manager
    ------------------------------