Viewing flow data from a specific flow source in QRadar Network Insights

Use the Network Activity tab to view flows that are received by IBM QRadar. You can apply a filter to view flows that are received from a specific flow source.

Before you begin

Ensure that the flow source is added to the deployment and that the flow source is enabled.

About this task

Procedure

  1. Click the Network Activity tab.
  2. Click Add Filter, and select the criteria that you want to match.
    Tip: Reduce the options in the Parameter list by typing keywords. For example, you can type flow to find all the flow parameters.
    The filter is applied, and the search results are shown. You can add more filter parameters to further reduce the result list.

Results

The Flow Interface column that appears in the result list might appear differently, depending on which QRadar version you are using.

In QRadar Network Insights V7.3.3 or earlier, the Flow interface value is a combination of <flow_processor_component>_<hostname>:<qni_hostname>. For example, if your flow processor hostname is qfp1 and your QRadar Network Insights hostname is qni1, the Flow interface shows qfp1:qni1.

In QRadar Network Insights V7.4.0, the Flow interface shows the host name of the network interface on the managed host that received the flow. Using the example above, the Flow interface on an appliance that uses a Napatech card shows qni1:napatech0.