Creating a pattern filter on the SAP server
A Pattern Filter is a user configured setting that can be used to limit queries to specific events. When a Pattern Filter is generated on the SAP server, a Filter Id is provided. The Filter Id can then be entered into the Pattern Filter Id field of the QRadar® log source to filter the patterns that are retrieved.
To create the Pattern Filter on the SAP Server, use the following
- Log in into the SAP server by using the administrator user name and password.
- Go to .
- Select Pattern Filter and click Add.
Enter a name for the Pattern Filter. This name is only used for
Note: The name appears in the Name Column with a corresponding Filter Id (UUID). Record the Filter Id for future reference.
- Click the pattern filter name to see a new table with Namespace as a column header.
To add patterns to the Pattern Filter, click
Note: A new window appears called Pattern.
- Select any Pattern you want to filter on and click OK.
- Refresh the page and ensure that the Pattern was added to the table with the Namespace header.
To use a Pattern Filter with QRadar, use the following
- Either select or create an SAP ETD Alert API log source.
- Find the Use Pattern Filter Id check box and select it.
- Enter the Filter Id obtained in step 1d and enter it in the Patter Filter Id field.
Save the log source.
Note: If you receive a 500 Internal Server Error after you save the log source with the Filter Id, double check that there is at least one pattern that is being filtered for.