A Pattern Filter is a user configured setting that can be used to
limit queries to specific events. When a Pattern Filter is generated on the
SAP server, a Filter Id is provided. The Filter Id can
then be entered into the Pattern Filter Id field of the QRadar® log source to filter the
patterns that are retrieved.
Procedure
-
To create the Pattern Filter on the SAP Server, use the following
steps:
-
Log in into the SAP server by using the administrator user name and password.
-
Go to .
-
Select Pattern Filter and click Add.
-
Enter a name for the Pattern Filter. This name is only used for
identification purposes.
Note: The name appears in the Name Column with a corresponding
Filter Id (UUID). Record the Filter Id for future
reference.
-
Click the pattern filter name to see a new table with Namespace as a
column header.
-
To add patterns to the Pattern Filter, click
Add.
Note: A new window appears called Pattern.
-
Select any Pattern you want to filter on and click
OK.
-
Refresh the page and ensure that the Pattern was added to the table with
the Namespace header.
-
To use a Pattern Filter with QRadar, use the following
steps:
-
Either select or create an SAP ETD Alert API log source.
-
Find the Use Pattern Filter Id check box and select it.
-
Enter the Filter Id obtained in step 1d and enter it in the
Patter Filter Id field.
-
Save the log source.
Note: If you receive a 500 Internal Server Error after you save the log source with the
Filter Id, double check that there is at least one pattern that is being
filtered for.