Custom Event Properties in the Operations app
The IBM® QRadar® Operations app includes several custom event properties. Use custom event properties to search, view, and report on information within logs that QRadar does not typically normalize and display.
The following table shows the custom event properties that are included in the Operations app.
Custom Event Property | Regex |
---|---|
Ariel API Method | Method=([A-Z]+) |
Ariel API Path |
|
Ariel Aggregates | Aggregates:(.*)"{1} |
AQL Statement | AQL:(.*)"{1} |
Ariel Criteria | Filters:(.*), Columns |
Ariel Columns | Columns:(.*)"{1} |
Ariel Database | DB:<(.*?)> |
Ariel Username | User:(.*?),Source |
Ariel Cursor ID | Params:Id:(.*?), |
Ariel Source | Source:([A-Z]*) |
Ariel Criteria Time | Time:<(.*?)> |