Analyzing your own QRadar log events

You can use the IBM QRadar Experience Center app to upload and analyze your own logs in IBM QRadar.

Before you begin

Your log files must be in syslog format and be less than one GB in size.
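The following pre-upload check for these two prerequisites is an added example, not part of the IBM documentation or the Experience Center app. It assumes that "syslog format" means each line starts with an RFC 3164 or RFC 5424 header and that "one GB" is 10^9 bytes; the names preflight, check_lines and SAMPLE are hypothetical. It also counts the host field of each header, which shows how many distinct sources the file contains.

```python
import os
import re
import sys
from collections import Counter

MAX_BYTES = 10**9  # assumption: "one GB" read conservatively as 10^9 bytes

# RFC 3164 header: optional <PRI>, "Mmm dd hh:mm:ss", then the host field.
RFC3164 = re.compile(
    r"^(?:<\d{1,3}>)?[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (?P<host>\S+) ")
# RFC 5424 header: <PRI>VERSION, timestamp, then the host field.
RFC5424 = re.compile(r"^<\d{1,3}>\d{1,2} \S+ (?P<host>\S+) ")

# Constructed sample: three syslog lines and one JSON line that is not syslog.
SAMPLE = (
    "<34>Oct 11 22:14:15 fw01 sshd[411]: Failed password for root from 192.0.2.10\n"
    "<165>1 2024-05-01T12:00:00Z app01 myapp 1234 ID47 - User login succeeded\n"
    "May  3 09:01:02 fw01 kernel: DROP IN=eth0 SRC=198.51.100.7\n"
    '{"ts": "2024-05-01T12:00:05Z", "msg": "not syslog"}\n'
)


def check_lines(lines, max_reported=20):
    """Return (line numbers without a syslog header, Counter of header hosts)."""
    bad, hosts = [], Counter()
    for lineno, line in enumerate(lines, 1):
        if not line.strip():
            continue  # blank lines carry no event
        m = RFC5424.match(line) or RFC3164.match(line)
        if m:
            hosts[m.group("host")] += 1
        elif len(bad) < max_reported:
            bad.append(lineno)
    return bad, hosts


def preflight(path, max_bytes=MAX_BYTES):
    """Check the size limit and syslog framing of one file before upload."""
    size = os.path.getsize(path)
    with open(path, encoding="utf-8", errors="replace") as fh:
        bad, hosts = check_lines(fh)
    size_ok = 0 < size < max_bytes
    return {"size": size, "size_ok": size_ok, "bad_lines": bad,
            "hosts": dict(hosts), "ok": size_ok and not bad and bool(hosts)}


if __name__ == "__main__":
    report = preflight(sys.argv[1])
    print(report)
    sys.exit(0 if report["ok"] else 1)
```

Run it with the path of the log file as the only argument; a non-zero exit status means that the file is empty, too large, or contains lines without a recognizable syslog header.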

Procedure

  1. Open the IBM QRadar Experience Center app.
  2. Upload your log file to QRadar by completing the following steps:
    1. Click Upload logs to QRadar.
    2. Select the log file that you want to upload and click Open.
  3. Click Next.
  4. Optional: To prevent QRadar from reporting a log source as Unknown, configure a log source identifier.

    QRadar reports a log source as Unknown only when it cannot be auto-detected.

  5. On the Play logs in QRadar screen, click the arrow next to the log file that you want to play.
  6. Analyze the events that were generated by the log file.
    1. Click the Log Activity tab.
    2. To select a single event to review, click the Pause icon to pause streaming, and then double-click the event.

    For more information about analyzing events, see Investigating threats in QRadar.