Adding bulk log sources
Use the QRadar® Log Source Management app to add multiple log sources to IBM® QRadar at the same time. You can add as many log sources as you want.
If you are using QRadar V7.3.0 or earlier, you can add a log source in QRadar only by using the Log Sources icon.
In QRadar 7.5.0 Update Package 4 and later, when you click the Log Sources icon, the QRadar Log Source Management app opens.
- In the QRadar Log Source Management app, click + New Log Source and then click Multiple Log Sources.
- On the Select a Log Source type page, select a log source type and click Select Protocol Type.
- On the Select a protocol type page, select a protocol type and click Configure Common Log Source Parameters.
- On the Configure the common Log Source parameters page, configure the parameters that you want to set for all of the log sources.
- If you have log sources that have different log source parameter values, clear the relevant check boxes, and then click Configure Common Protocol Parameters.
- On the Configure the common protocol parameters page, configure the protocol-specific parameters that you want to set for all of the log sources.
- If you have log sources that have different protocol parameter values, clear the relevant check boxes, and then click Configure Individual Parameters.
- On the Configure the individual parameters page, upload a CSV file
that contains the individual log source parameter values, and click Add.
A log source is created for each line of this file, except for empty lines and comment lines that begin with a hashtag (#). Each line must contain the comma-separated list of parameter values for the Log Source Identifier field, and any other deferred parameters, in the order shown in the deferred parameters table.
- Click Bulk Template to download the file template and add the
parameters that you want to configure, in order. For example, if you deferred the Enabled and Groups parameters, the CSV file must contain the following values:
Enabled, Groups, Log Source Identifier
If you include a comma in a parameter, enclose the value in double quotation marks.
- If you do not upload a CSV file:
- Click Manual to specify the values for the parameters that you deferred.
- Enter a Log Source Identifier for each new log source and click Add.
- Click Finish.