Question & Answer
Question
How can I set up a weekly report that displays all active log sources and total events per log source?
Answer
Follow these steps to create the report on the status of your active log sources:
- Log in to the QRadar console.
- Click the Reports tab.
- Click Actions.
- Click Create.
- This opens up the Report Wizard.
- Choose the Report Schedule and click Next.
- Choose the Layout of the report and click Next.
- Enter a Report Title in the text Box.
- In the Chart Type drop-down menu, select Log Sources.
- This brings you to a new page. Under Log Sources, click the check box that says All log sources.
- Under Data Options, set the Order by the option to Status, and Ascending.
This report lists all log sources, with the enabled log sources at the top of the report.
- For other Data Options, including Enabled, Protocol, Target Collector, Auto Discovered, and Name select one of these options from the drop-down menu.
Note: If you don't want certain log sources to show up in reports, you can create an LSG for LS's which you want to omit from the Report.
Results
The final output generates a report that displays all active log sources and total events per log source.
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwtmAAA","label":"Reports"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"7.2.0;7.3.0"}]
Was this topic helpful?
Document Information
Modified date:
16 November 2022
UID
ibm16837613