Enabling QRadar DNS Analyzer support for INDEXING

The Index Management window lists all event and flow properties that can be indexed and provides statistics for the properties. Toolbar options allow you to enable and disable indexing on selected event and flow properties. To enable QRadar DNS Analyzer support for INDEXING of DNS data, which improves performance, you must select both dns_event_flag and dns_flow_flag in the Index Management list.

About this task

Modifying database indexing might decrease system performance. Ensure that you monitor the statistics after you enable indexing on multiple properties.

Procedure

  1. On the navigation menu, click Admin to open the admin tab.
  2. In the System Configuration section, click Index Management.
  3. Select both of the following properties from the Index Management list:
    • dns_event_flag
    • dns_flow_flag
  4. Click Save.
  5. Click OK.

Results

In lists that include event and flow properties, indexed property names are appended with the following text: [Indexed]. Examples of such lists include the search parameters on the Log Activity tab, Network Activity tab, Save Criteria window, and Add Filter window.