Report Types - Grouped Report

Grouped Report type provides the possibility of grouping all the column results according to the query that we type on Search bar. For example, if you want to see the IP addresses that make connections from inside network to outside, you can type the query as "Source.Position:in Destination.Position:out" and then select the grouped column as Source.IP. So it'll show you networks traffic of the IP addresses from inside to outside.

NOTE: If you want to see our article about how to prepare a query, you can follow this link

**Now let's create a Grouped Report sample. You can follow the steps to create one.**

1- First we must prepare the query for the report. In the example as below, we'll create a report including the most accessed web sites in Fortigate logs. The query should be like the example as below. So, if the query is ready, we can click on the Build Report button.

2- If this new page is shown up, we'll select Grouped Report, and then fill these fields as follows.

 

Index Type: This field is automatically set as Log when you click on Build Report button. Here, If you want to create the report with the logs of the registered source in device list, you must set this type as Log. You can select Captive Portal to get the results of hotspot events, Alerts to get alert events, and Logsign Events to get Logsign web interface events. The column names will be changed according to the index type.

Time Column: This is already specified as Time.Generated. This is one of time attributes that log will be shown up on the Logsign interface.

Query: It will be automatically specified too, as we create the report with the query that we typed on Search bar. You can change this query here, or type it manually.

Report Name: Type the name of our report.

Report Block: We must select the report block that we created before, to save our reports in it.

Rows Per Page: This is the count of logs which will be shown per page.

Grouped Column: The Grouped report structure will be configured by this column. In this example, we'll select this as URL.Domain as we want to see the most accessed web sites.

Min Event Count: The minimum event count is the minimum number of logs that is collected at Logsign to be shown on the Logsign Interface. If the event is not accumulated less than certain number that you set, Logsign doesn't show these logs on the Logsign interface. For example, if we want show a web site that accessed more than 10 times, we set this field as 10. So the report will show the web sites that is accessed more than 10 times. Here, we are going to set this as 1 to see all the web site accessed at least once.

Graph Type: Here we have 3 types of graphs. You can select it as Pie, Bar or Line. Here we select the Pie graph type to see the results on pie chart.

Filter Columns: We must select the filter columns here to summarize and look the only results that you want to see from all kind of log information.

Profiles: In this field, we can select the report profiles that we created before in Settings > Delegation > Report Profiles. By adding the profiles, the only users that have these report profiles will be able to see this report results. This is not a required field.

3- After you completed filling the required fields above, click on the Save button to see the report result. Here our report will be shown as below.

Have more questions? Submit a request

Comments