IBM Support

QRadar: Why do support request get_logs?

Question & Answer


Question

If a client wants to resolve an issue in quickly, why do support often request get_logs needed to include in the case while they are opening the case?

Cause

Without logs, QRadar Support might be limited in their ability to raise issues to development or duplicate issues experienced by users. If your security policy strictly prohibits sharing logs with IBM Support, you might need to request a Cisco WebEx® session with QRadar Support so we can investigate the issue. If log uploads to your case and Cisco WebEx® sessions are not allowed by your team, sanitizing logs before you open a support case is possible with our script. If none of these options work for your team, engage IBM Security Expert Labs for an onsite visit or contacting your IBM Account Manager to discuss options based on your security policies. 

Answer

Support always request get_logs for cases to analyze the issue. Logs, MustGather, are requested for accurate solutions. In some cases, the issue or error is already in public documents, and support can provide the useful public documents to customers.  In some other cases, support can arrange a Cisco WebEx® meeting and work with customers to execute some workaround to fix the issue or error.

The get_logs provide support team a basic idea about the customers QRadar environment: the QRadar software version, how many appliances in the deployment, what are the appliances, and much more valuable information. Support has tools to analysis the get logs, which help track down the exact root cause of the issue or error. Once the root cause of problem is identified, proper and quality support can be provided to customers. Having the logs, provides customers a quicker solution. 

[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
31 July 2023

UID

ibm16953783

Page Feedback