Administration Guide

Log types (Global Search)

Global search includes a wide array of log types to help you analyze your log data and identify trends. Use the log type tools to narrow your search, isolate data, or compare two log searches at the same time.

Histogram

The log Histogram displays the number of logs collected within the time range selected in the Global Search settings. You can use your mouse to select a custom time range and zoom in on the log display.

Event Inspector

Click the Query inspector button to open the Query Inspector panel, and then run the query. The Query Inspector panel shows the plain log search result object. The Stats tab shows the query information such as processing time, request time, etc.

Faceted Search (+, -, focus)

Click a log line to view the Log Details panel to display the Log Labels and Parsed Fields.

The following table describes the function of each icon in the Faceted Search:

Icon        Description

Statistics  Shows the value statistics of the label or field.

+           Adds the label or field as a condition in the query language. For example, app=DNS.

-           Excludes the label or field in the query language. For example, app!=DNS.

focus       Displays only this label or field in the log item. For example, app=DNS.
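The following is an added example, not Fortinet's code, showing the four Faceted Search actions from the table above (statistics, +, -, focus) applied to a constructed set of parsed log records; the condition syntax follows the page's app=DNS and app!=DNS examples, and the field names and values are assumptions.

```python
"""Added example (not Fortinet's code): the four Faceted Search actions
from the table above applied to constructed parsed-field records.
Condition syntax follows the page's examples: app=DNS, app!=DNS."""
from collections import Counter
import re

# Constructed sample of parsed log fields (not real FortiAnalyzer output).
LOGS = [
    {"app": "DNS", "srcip": "10.0.0.5", "action": "pass"},
    {"app": "HTTPS", "srcip": "10.0.0.5", "action": "pass"},
    {"app": "DNS", "srcip": "10.0.0.9", "action": "block"},
    {"app": "SSH", "srcip": "10.0.0.7", "action": "block"},
]

_COND = re.compile(r"^(\w+)(!=|=)(.+)$")


def value_stats(logs, field):
    """Statistics icon: count each value of a label or field."""
    return dict(Counter(log[field] for log in logs if field in log))


def parse_condition(cond):
    """Split 'field=value' or 'field!=value' into its three parts."""
    m = _COND.match(cond.strip())
    if not m:
        raise ValueError(f"bad condition: {cond!r}")
    field, op, value = m.groups()
    return field, op, value


def apply_conditions(logs, conditions):
    """+ / - icons: keep logs matching every field=value and field!=value."""
    parsed = [parse_condition(c) for c in conditions]
    out = []
    for log in logs:
        keep = True
        for field, op, value in parsed:
            matches = log.get(field) == value
            if (op == "=" and not matches) or (op == "!=" and matches):
                keep = False
                break
        if keep:
            out.append(log)
    return out


def focus(logs, field):
    """Focus icon: show only the chosen field in each log item."""
    return [{field: log[field]} for log in logs if field in log]
```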

Time Window

Use the time window to select a time range for your log search. Relative time ranges are provided (Last 5 minutes to Last 7 days). You can also use the From and To fields to specify a custom time range. Click the Back and Forward buttons to move back and forth in the Time Window.

Search History

Click Query history to show the log search history. After the query is run, you have the option to comment, favorite, clone, or delete the query.

Split View

Click the Split button to enable Split View mode. Split View displays two log search panes so you can search different content and view the results at the same time.

Live Streaming Search

Click the Live button at the top-right corner of your search to enable Live Log search. Live Log search displays search results in real-time. Click Pause to pause the real-time results, or click Exit live mode to return to normal mode.

Cross-Cluster Search Federation

Cross-Cluster search allows you to run searches against one or more remote FortiAnalyzer-BigData clusters. To perform a cross-cluster search, you must have a Search Federation configured. Click the Federation menu to open the Federation management UI.