IBM DLC Metrics sample event message

Use this sample event message to verify a successful integration with IBM QRadar.

Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage returns or line feed characters.

IBM Disconnected Log Collector sample message when you use the Syslog protocol

The following sample event message is a standard IBM® DLC Metrics message that contains data for one of the Disconnected Log Collector device metrics in the payload.

<134>1 2020-07-30T15:01:00.759-04:00 ibm.dlcmetrics.test DLC 6074 - - [NOT:0000006000][10.0.2.3/- -] [-/- -]LEEF:1.0|IBM|DLC|1.6.0.dev.0|DLCMetrics|
src=10.0.2.3	InstanceID=c9fb78ae-41f5-4f8d-8d61-43a87b7e3bc0	ComponentType=sources	ComponentName=Source Monitor	MetricID=EventRate Value=96.6
Table 1. QRadar field names and highlighted values in the event payload
| QRadar field name | Highlighted values in the event payload |
| --- | --- |
| Event ID | DLCMetrics |
| Source IP | 10.0.2.3 is extracted from the src parameter. |
| Device time | 2020-07-30T15:01:00.759-04:00 |
| Log Source Identifier | ibm.dlcmetrics.test |
Tip: The Event Category value in QRadar is always IBMDLCMetrics.
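
To check a captured DLC Metrics line against Table 1 before relying on QRadar's parsing, the following added example (not IBM code) splits the syslog header and LEEF payload of the sample above. The function name and the attribute-splitting rule are assumptions made for this example.

```python
import re
from datetime import datetime

# The page's sample, joined onto one line as the page instructs. Attributes are
# tab-separated; the space before Value= is kept as it appears on the page.
SAMPLE = (
    "<134>1 2020-07-30T15:01:00.759-04:00 ibm.dlcmetrics.test DLC 6074 - - "
    "[NOT:0000006000][10.0.2.3/- -] [-/- -]"
    "LEEF:1.0|IBM|DLC|1.6.0.dev.0|DLCMetrics|"
    "src=10.0.2.3\tInstanceID=c9fb78ae-41f5-4f8d-8d61-43a87b7e3bc0\t"
    "ComponentType=sources\tComponentName=Source Monitor\tMetricID=EventRate Value=96.6"
)

# <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID STRUCTURED-DATA MSG
SYSLOG_RE = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) \S+ \S+ (.*)$")

def parse_dlc_metrics(line):
    """Return the Table 1 fields and LEEF attributes of one DLC Metrics event."""
    line = line.replace("\r", "").replace("\n", "")  # stray CR/LF from copy-paste
    m = SYSLOG_RE.match(line)
    if not m:
        raise ValueError("not a version 1 syslog line")
    pri, timestamp, hostname, _app, _procid, msg = m.groups()
    start = msg.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF payload")
    parts = msg[start:].split("|", 5)
    if len(parts) != 6:
        raise ValueError("truncated LEEF header")
    _leef, _vendor, _product, _version, event_id, body = parts
    # Assumption: split on a tab, or on whitespace directly before another key=,
    # so values that contain spaces ("Source Monitor") stay whole.
    pairs = re.split(r"\t|\s+(?=\w+=)", body)
    attrs = dict(kv.split("=", 1) for kv in pairs if "=" in kv)
    return {
        "facility": int(pri) >> 3,
        "severity": int(pri) & 7,
        "event_id": event_id,
        "source_ip": attrs.get("src"),
        "device_time": datetime.fromisoformat(timestamp),
        "log_source_identifier": hostname,
        "attrs": attrs,
    }

if __name__ == "__main__":
    for field, value in parse_dlc_metrics(SAMPLE).items():
        print(f"{field}: {value}")
```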