IBM Support

QRadar: 'Unioned Flows' option unavailable in QRadar Network Activity tab

Troubleshooting


Problem

There is no longer an option to display 'Unioned Flows' in IBM QRadar products as of version 7.2.1 (MR1).

Symptom

In the Network Activity tab, the Display: drop-down box will no longer list a Unioned Flows option.

Cause

The Unioned Flows view displayed several flows in one uninterrupted pattern across several intervals, in a single record. This functionality was removed beginning in version 7.2.1 (MR1). However, the Users Guide and QRadar Online Help still refer to this functionality.

Resolving The Problem

All references to Unioned Flows will be removed from the documentation in a future release.

To obtain results equivalent to the Unioned Flows display option, perform the following search:
In the Network Activity tab, perform a time-series search. Then Group By Source IP, Source Port, Destination IP, Destination Port, and Protocol.
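
The effect of that grouping on per-interval flow records, shown offline as an added example (not IBM code and not part of the original technote). The record layout, the field names, the 60-second interval, and the reading of "uninterrupted" as "no missing interval" are assumptions made for illustration, and the sample records are constructed.

```python
from collections import defaultdict
from typing import NamedTuple

INTERVAL = 60  # assumed flow reporting interval, in seconds


class FlowRecord(NamedTuple):
    start: int        # interval start (epoch seconds)
    src_ip: str
    src_port: int
    dst_ip: str
    dst_port: int
    protocol: str
    total_bytes: int


# Constructed sample: one TCP session seen in three consecutive intervals,
# and one UDP exchange seen in two intervals with a gap between them.
SAMPLE = [
    FlowRecord(0, "10.0.0.5", 50122, "192.0.2.10", 443, "TCP", 1200),
    FlowRecord(60, "10.0.0.5", 50122, "192.0.2.10", 443, "TCP", 800),
    FlowRecord(120, "10.0.0.5", 50122, "192.0.2.10", 443, "TCP", 400),
    FlowRecord(0, "10.0.0.7", 53211, "192.0.2.53", 53, "UDP", 90),
    FlowRecord(180, "10.0.0.7", 53211, "192.0.2.53", 53, "UDP", 95),
]


def group_flows(records):
    """Group per-interval records by the five Group By fields."""
    groups = defaultdict(list)
    for rec in records:
        groups[rec[1:6]].append(rec)   # key: src IP/port, dst IP/port, protocol

    summary = {}
    for key, recs in groups.items():
        recs.sort(key=lambda r: r.start)
        # A gap means at least one interval had no record for this 5-tuple.
        gaps = sum(1 for a, b in zip(recs, recs[1:]) if b.start - a.start > INTERVAL)
        summary[key] = {
            "first_seen": recs[0].start,
            "last_seen": recs[-1].start + INTERVAL,
            "intervals": len(recs),
            "total_bytes": sum(r.total_bytes for r in recs),
            "uninterrupted": gaps == 0,
        }
    return summary


if __name__ == "__main__":
    for key, row in group_flows(SAMPLE).items():
        print(key, row)
```

Each key in the result is one Source IP, Source Port, Destination IP, Destination Port, and Protocol combination, so several interval records collapse into a single row per conversation.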






Product: IBM Security QRadar SIEM
Component: Network Activity
Platform: Linux
Version: 7.3; 7.2.8; 7.2

Document Information

Modified date: 21 June 2018

UID: swg21670335