Filtering log sources
Filter your log sources to show only the ones that you need. When you open the QRadar® Log Source Management app, a list of log sources appears with 20 items. You can click other columns to change the sorting order, and change the number of items that are displayed in the list.
Procedure
- Search for a log source by using one of the following methods.
- To search by text in the Search bar, enter the full or partial log source name, description, or log source identifier. Only the log sources that match the search string are displayed.
- To use the advanced search, in the Search bar, type advanced:
<your filter string> For information about the API filter syntax, see Filter syntax
(https://www.ibm.com/docs/en/qsip/7.5?topic=versions-filter-syntax.html)
For a list of log source fields, see GET /config/event_sources/log_source_management/log_sources (https://ibmsecuritydocs.github.io/qradar_api_19.0/19.0--config-event_sources-log_source_management-log_sources-GET.html)
- To search by filters, in the Filter pane, select one or more checkboxes to show only log sources that match the criteria.
- To add a column to the list of log sources, click Manage Columns and
select the checkbox for the column that you want to display.
To change the column order, hover over the icon (
), and drag the columns to arrange them in the order that you want them to
display.
Each filter shows a count of the number of options for that filter. Each option in a filter also has a count, which indicates how many log sources match the option for the filters that you apply. If the filters exclude log sources that match the option, this number might decrease as you apply more filters.