Report Types - Grouped (∑) Plus Report

Grouped Plus report type provides you to add different columns with separate columns as well as to make mathematical calculations with the results that collected from the sources.

As you can see from the symbol of ∑, this report type has the ability of making summation. For example, you can create a report to see the download amount of the users by sorting their IP addresses or usernames.

You can see either the total bandwidth usage (Bytes.Received + Bytes.Sent) or just the download amount (Bytes.Received) by selecting the sum columns.

You need to follow the steps below to create a Grouped Plus report.

 

1- You can create a new query on Search menu. For example, if our source is Fortigate, you can prepare the query as below.

If the query is correct and the results has been flowed after you created, you can click on Build Report button.

2- In the window that'll open, you'll need to select the report type as Grouped Plus (∑) and then fill the required fields.

Index Type: This field is automatically set as Log when you click on Build Report button. Here, If you want to create the report with the logs of the registered source in device list, you must set this type as Log. You can select Captive Portal to get the results of hotspot events, Alerts to get alert events, and Logsign Events to get Logsign web interface events. The column names will be changed according to the index type.

Time Column: This is already specified as Time.Generated. This is one of time attributes that log will be shown up on the Logsign interface.

Query: It will be automatically specified too, as we create the report with the query that we typed on Search bar. You can change this query here, or type it manually.

Report Name: Type the name of our report.

Report Block: We must select the report block that we created before, to save our reports in it.

Rows Per Page: This is the count of logs which will be shown per page.

Grouped Column: The Grouped report structure will be configured by this column. In this example, we'll select this as URL.Domain as we want to see the most accessed web sites.

Min Event Count: The minimum event count is the minimum number of logs that is collected at Logsign to be shown on the Logsign Interface. If the event is not accumulated less than certain number that you set, Logsign doesn't show these logs on the Logsign interface. For example, if we want show a web site that accessed more than 10 times, we set this field as 10. So the report will show the web sites that is accessed more than 10 times. Here, we are going to set this as 1 to see all the web site accessed at least once.

Sum Columns: You'll need to select the column results to be summed. Here you can select these columns as Bytes.Received or/and Bytes.Sent as we'll calculate the bandwidth usage.

Sum Column Attributes (Unit and Convert): After the calculation columns are selected, here you can select the calculation unit. You can set this field as MB or GB as you'll convert the sum results of bandwidth usage.

You also need to add a calculation formula for the results. In this example, as we'll collect the data with byte format, we can select this field as /(1024*1024) to convert it to MB. You'll need to select it as /(1024*1024*1024) to convert it to GB.

Value Columns: You can select a column to view the transaction count of this column's results according to the query.

Unique Columns: The selected columns here will show the unique count of these column results according to the query.

Term Columns: You can view more column results according to the query in this field. For example, if you grouped the results by the IP addresses you can also add username column here to see the username info of that IP addresses.

Order By: You can order or sort the results by the columns that you selected above. First you need to select the column type as Term, Count, Unique or Sum and then choose the column name.

Graph Type: Here we have 3 types of graphs. You can select it as Column, Bar, Line or Area. Here we select the Column graph type to see the results on column chart.

Filter Columns: We must select the filter columns here to summarize and look the only results that you want to see from all kind of log information.

Profiles: In this field, we can select the report profiles that we created before in Settings > Delegation > Report Profiles. By adding the profiles, the only users that have these report profiles will be able to see this report results. This is not a required field.

Category: You can select and assign this report to a category to view it quickly later by using these categories. Here you can select it as Custom/My Report.

Compliance: You can select and assign the global standarts for your report such as FISMA, ISO27001, SOX etc. This is not a required field.

 

After you finished to complete the required fields, you can click on Save button to finalize the creation of the report.

3- You'll see the results with the values that you set above. After that you can filter the results by the columns that you've selected as Filter Columns.

Have more questions? Submit a request

Comments