You can use the IBM®
QRadar® Experience Center app to upload and
analyze your own logs in IBM
QRadar.
Before you begin
Your log files must be in syslog format and be less than one GB in size.
Procedure
-
Open the IBM
QRadar Experience Center
app.
-
Upload your log file to QRadar by completing the following
steps:
-
Click Upload logs to QRadar.
-
Select the log file that you want to upload and click Open.
-
Click Next.
- Optional:
To prevent QRadar from reporting a log source
as Unknown, configure a log source identifier.
QRadar reports a log source
as Unknown only when it cannot be auto-detected.
-
On the Play logs in QRadar screen, click the arrow next to the log file
that you want to play.
-
Analyze the events that were generated by the log file.
-
Click the Log Activity tab.
-
To select a single event to review, click the Pause icon to pause
streaming, and then double-click the event.