Import Tools

phClickHouseImport

This tool is used to migrate eventDB data into your ClickHouse database. The phClickHouseImport tool requires FortiSIEM 6.5.0 or higher.

This code block shows the commands that you can use with phClickHouseImport, followed by a table that describes them in more detail.

phClickHouseImport --src [Source Dir] --starttime [Start Time] --endtime [End Time]

--host [IP Address of the ClickHouse Server that the data will be imported to]

--orgid [Organization ID]

Example: phClickHouseImport --src /data/eventdb --starttime "2022-01-01 23:00:00" --endtime "2022-02-01 10:00:00" --orgid 1 --orgid 2001 --host 192.0.20.0

Note: EventDB data needs to be copied to the machine where this tool can run.

pHClickHouseImport Command

Description

--src [Source Dir]

Provide the source directory that contains the eventDB data. The default path is

/data/eventdb/CUSTOMER_1/default

If a path is provided, the data path will be created as:

<user input path> + “/CUSTOMER_1/default”

Example: If --src /test is used, the data path will be created as /test/CUSTOMER_1/default

--starttime [Start Time]

Starting time of events to be imported. It must be in the following format: "YYYY-MM-DD hh:mm:ss". The supported time zone is GMT. Make sure to enclose the Start Time with quotation marks.

Example: phClickHouseImport --src /data/eventdb --starttime "2022-01-27 10:10:00" --endtime "2022-02-01 11:10:00"

--endtime [End Time]

The end time of events to be imported. It must be in the following format: "YYYY-MM-DD hh:mm:ss". The supported time zone is GMT. Make sure to enclose the End Time with quotation marks.

Example: phClickHouseImport --src /data/eventdb --starttime "2022-01-27 10:10:00" --endtime "2022-02-01 11:10:00"

--host [IP Address of the ClickHouse Server that the data will be imported to] The IP address of the ClickHouse server that the data will be imported to. If the host IP address is not provided, then localhost is used. The default IP address is 127.0.0.1.
--orgid [Organization ID]

Provide the ID of the organization with the events to be imported. The number can be from 0 to 4294967295. Multiple entries are allowed by adding --orgid [Organization ID] for each entry. Only matched orgid will be migrated.

Example: phClickHouseImport --src /data/eventdb --starttime "2022-01-01 23:00:00" --endtime "2022-02-01 10:00:00" --orgid 1 --orgid 2001 --host 192.0.20.0