IBM DLC Metrics sample event message
Use this sample event message to verify a successful integration with IBM QRadar.
Important: Due to formatting issues, paste the message format into a text editor and then remove any carriage returns or line feed characters.
IBM Disconnected Log Collector sample message when you use the Syslog protocol
The following sample event message is a standard IBM® DLC Metrics message that contains data for one of the Disconnected Log Collector device metrics in the payload.
```
<134>1 2020-07-30T15:01:00.759-04:00 ibm.dlcmetrics.test DLC 6074 - - [NOT:0000006000][10.0.2.3/- -] [-/- -]LEEF:1.0|IBM|DLC|1.6.0.dev.0|DLCMetrics|
src=10.0.2.3 InstanceID=c9fb78ae-41f5-4f8d-8d61-43a87b7e3bc0 ComponentType=sources ComponentName=Source Monitor MetricID=EventRate Value=96.6
```

QRadar field name | Highlighted values in the event payload |
---|---|
Event ID | DLCMetrics |
Source IP | 10.0.2.3 is extracted from the src parameter. |
Device time | 2020-07-30T15:01:00.759-04:00 |
Log Source Identifier | ibm.dlcmetrics.test |

Tip: The Event Category value in QRadar is always IBMDLCMetrics.
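
To check a captured message against the table above before sending it to QRadar, the following added example (not part of the IBM documentation) parses the sample and returns the four mapped fields. The function name `parse_dlc_metrics` and the regular expressions are assumptions made for this example, and attribute splitting assumes whitespace-separated `key=value` pairs as the sample is displayed.

```python
import ipaddress
import re
from datetime import datetime

# Sample message from this page, kept with the line break it is displayed with.
SAMPLE = (
    "<134>1 2020-07-30T15:01:00.759-04:00 ibm.dlcmetrics.test DLC 6074 - - "
    "[NOT:0000006000][10.0.2.3/- -] [-/- -]"
    "LEEF:1.0|IBM|DLC|1.6.0.dev.0|DLCMetrics|\n"
    "src=10.0.2.3 InstanceID=c9fb78ae-41f5-4f8d-8d61-43a87b7e3bc0 "
    "ComponentType=sources ComponentName=Source Monitor "
    "MetricID=EventRate Value=96.6"
)

# Syslog prefix: <PRI>VERSION TIMESTAMP HOSTNAME
SYSLOG_RE = re.compile(r"^<(\d{1,3})>\d+ (\S+) (\S+) ")
# LEEF header: LEEF:version|vendor|product|product version|event ID|attributes
LEEF_RE = re.compile(r"LEEF:[^|]*\|([^|]*)\|([^|]*)\|([^|]*)\|([^|]*)\|(.*)$")
# A value runs until the next whitespace-separated "key=" so that
# "ComponentName=Source Monitor" stays whole (assumes values contain no "word=").
ATTR_RE = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")


def parse_dlc_metrics(raw):
    """Return the QRadar fields from the page's table plus the LEEF attributes."""
    # Strip CR/LF first, as the Important note on this page instructs.
    msg = raw.replace("\r", "").replace("\n", "")
    syslog, leef = SYSLOG_RE.match(msg), LEEF_RE.search(msg)
    if not syslog or not leef:
        raise ValueError("not a syslog-framed LEEF message")
    attrs = dict(ATTR_RE.findall(leef.group(5)))
    datetime.fromisoformat(syslog.group(2))       # ValueError if malformed
    ipaddress.ip_address(attrs.get("src", ""))    # ValueError if not an IP
    return {
        "Event ID": leef.group(4),
        "Source IP": attrs["src"],
        "Device time": syslog.group(2),
        "Log Source Identifier": syslog.group(3),
        "attributes": attrs,
    }


if __name__ == "__main__":
    for field, value in parse_dlc_metrics(SAMPLE).items():
        print(f"{field}: {value}")
```

A message that fails the syslog prefix, LEEF header, timestamp, or `src` check raises `ValueError` instead of returning partial fields.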