How To
Summary
In this article, administrators can understand how to set the number of rows of data displayed in a search or set a default search result limit for the Log Activity or Network Activity tab.
Environment
Administrators can define a global search result limit or configure how many rows are displayed in the user interface by updating the results per page default configuration.
Search Limit
Specifies the number of rows that a search returns on the Edit Search window. The Results Limit field also appears on the Results window. By default, the value in the System Settings is 1,000. If you need to display more results, users can change the default value in the search in the Result Limit field.
- For a saved search, the limit is stored in the saved search and reapplied when search is loaded.
- When you are sorting a column in the search result that has a row limit, sorting is done within the limited rows, which are shown in the data grid.
- For a grouped by search where time series chart is turned on, the row limit applies only to the data grid. The Top N list in the time series chart controls how many time series are drawn in the chart.
Figure 1: Use the Results Limit field to override the System Settings value to increase or decrease the results returned in the search.
Note: The Result Limit field exists as an Advanced Search (AQL) operator named LIMIT. If you run an advanced search and want to call a limit in your results, it must be defined before the start time in your query.
Note: The Result Limit field exists as an Advanced Search (AQL) operator named LIMIT. If you run an advanced search and want to call a limit in your results, it must be defined before the start time in your query.
SELECT *
FROM events LIMIT 100
START '2021-10-28 10:00'
STOP '2021-10-28 11:00'
Result Per Page
If you run a search with a result of more than one hundred events, QRadar splits the remainder across multiple pages. The 'Results Per Page' setting allows administrators to define how many rows of data are returned in the default view when a search is run. The remainder of the search is displayed as pages of more information.
Figure 2: Example of the results displayed per page in the user interface.
Both default settings can be changed in the Admin tab.
Steps
- Log in to QRadar as an administrator.
- Click the Admin tab.
- Click the System Settings icon.
- From the Console Settings section, configure the following values:
- Result Per Page - Sets the default number of rows displayed per page in the user interface.
- Default Search Limit - Sets the default limit for any search.
Figure 1: System settings can be configured to set the page view limits or search limit for all users globally.
- From the Admin tab, click Deploy Changes.
Results
After the system deploys the changes to all hosts, run a search to configure the new limitations or rows displayed in the Log Activity or Network Activity tab.
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"TS007777525","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
28 February 2022
UID
ibm16557118