Adding parameters to AQL-based widgets

In this example scenario, you create two parameters and add them to the Top 10 Log Sources widget in the Events and flow metrics dashboard.

1. Click More options > Manage Parameters.
2. Click Add and create two parameters: one called Time Period with a value of HOURS, and one called Time Value with a value of 2. Click Save after you create each parameter. The parameters are available for all widgets in your workspace.
3. Click Back to Dashboard.
4. On the Top 10 Log Sources widget card, click the Edit Item icon.
   In the AQL Statement field, the query looks like one of the following examples. The first example is the default; the second example has been modified for compatibility with an IBM® QRadar® 7.3.1 deployment (for more information, see Known issues):

   SELECT logsourcename(logsourceid) AS 'MY Log Sources',
   LONG(SUM(eventcount) / ((MAX(endTime) - MIN(startTime) + 1) / 1000.0)) as event_rate
   FROM events
   GROUP BY logsourceid
   ORDER BY event_rate DESC
   LIMIT 10
   LAST 2 HOURS

   SELECT logsourcename(logsourceid) AS 'MY Log Sources',
   LONG(if (MAX(endtime) > MIN(startTime) )
   then (SUM(eventcount)/((MAX(endtime) - MIN(starttime))/1000.0))
   else SUM(eventcount)) as event_rate
   FROM events
   GROUP BY logsourceid
   ORDER BY event_rate DESC
   LIMIT 10
   LAST 2 HOURS

5. To modify the query in the AQL Statement field, take the following steps:
   1. Replace HOURS by clicking the Insert Parameter icon, and then click Insert for the Time Period parameter.
   2. Replace 2 with Time Value, and then click Run Query. The updated query looks like one of the following examples:

      SELECT logsourcename(logsourceid) AS 'MY Log Sources',
      LONG(SUM(eventcount) / ((MAX(endTime) - MIN(startTime) + 1) / 1000.0)) as event_rate
      FROM events
      GROUP BY logsourceid
      ORDER BY event_rate DESC
      LIMIT 10
      LAST {Time Value} {Time Period}

      SELECT logsourcename(logsourceid) AS 'MY Log Sources',
      LONG(if (MAX(endtime) > MIN(startTime) )
      then (SUM(eventcount)/((MAX(endtime) - MIN(starttime))/1000.0))
      else SUM(eventcount)) as event_rate
      FROM events
      GROUP BY logsourceid
      ORDER BY event_rate DESC
      LIMIT 10
      LAST {Time Value} {Time Period}

6. After the query runs successfully, click Save.

Results

The new parameters are added to the Parameters card, and are prefaced by an asterisk (*) to indicate that they are default values for the workspace. Only parameters that are used by the widgets in this dashboard appear in the Parameters card. System parameters are read only.