Viewing Nodes aggregations

To view the Nodes module's Aggregations tab, follow these steps.

How to view Node aggregations

1. In the FortiDLP Console, on the left-hand sidebar, click .
   
2. Select the Aggregations tab.
3. Optionally, do the following:
   • To view archived nodes, on the top-right corner of the page, click and then turn the Hide archived nodes toggle off.
     

   You can find detailed information relating to Agent archiving in the FortiDLP Administration Guide.

   • To filter nodes by entering a search query:
     1. Click the search bar.
     2. Select a search property from the menu, or type a text string to search for a property and then select it (the panel displays matching nodes, labels, and properties as you type). For some properties, you can also use the time selector.
        

     You can hover over any property in the menu to view a tooltip.

     3. Select or type one of the following operators (the options shown are dependent on what you entered at step b):
        • = (equals).
        • != (does not equal).
        • in (in). For example, entering country in ["United States", "United Kingdom"] returns nodes that were last located in either the US or the UK.
        • !in (not in). For example, entering user.department !in [Finance, Sales] returns nodes with associated users who are not from either the Finance or the Sales department.
        • < (less than).
        • <= (less than or equal to).
        • > (greater than).
        • >= (greater than or equal to).
     4. Type a search string. The search is case insensitive, but strings containing spaces must be wrapped in double quotes—for example, country != "united states".
     5. Do one of the following:
        • To submit your query, press Enter or click Search now.
          
        • To add another filter:
          1. Click And and repeat the steps above.
             
          2. Press Enter or click Search now.

             Multiple filters can be used to perform AND searches. OR searches are not supported. However, you can use the in or !in operators to apply OR logic in relation to specific properties. For example, to search for nodes from either the United States or the United Kingdom, enter country in ["United States", "United Kingdom"].

   • To filter by a specific value on the page or view more information about a value, click the value and then click the relevant context box button.

   The following list summarizes the buttons that display: Filters the current page for nodes with the same value. Filters the current page for nodes without the value. Copies a value to your clipboard. Filters by a value within the Investigate module. Displays more information about a value. Displays a submenu containing the following options: Filters by a value within the Users module. Filters by a value within the Admin console.

   • To modify the aggregations, select different properties/Agent component states from the menus. For the "General deployment" aggregations, you can also change the Top 10 default. Top menu options show the most common values for a property and Bottom menu options show you the least common values.
     
   • To edit labels:
     • To assign labels:
       1. Filter the tab so that only the nodes you want to assign labels to are in view.
       2. At the top of the page, click Assign labels.
       3. In the Assign labels dialog box, select the labels to assign.
       4. Click Assign labels.
     • To unassign labels:
       • Filter the tab so that only the nodes you want to unassign labels from are in view.
       • At the top of the page, click> Unassign labels.
       • In the Unassign labels dialog box, select the labels to unassign.
       • Click Unassign labels.
   • To go to the Admin console's Agent deployment tab, at the top of the page, click> Enroll new Agents.
   • To go to the Admin console's Agent configuration tab, at the top of the page, click> Configure Agents.
   • To export nodes, see Exporting nodes.