Enabling QRadar DNS Analyzer support for INDEXING
The Index Management window lists all event and flow properties that
can be indexed and provides statistics for the properties. Toolbar options allow you to enable and
disable indexing on selected event and flow properties. You must select
dns_event_flag
and dns_flow_flag
in the Index Management list to
enable QRadar DNS Analyzer support for INDEXING of DNS data to improve performance.
About this task
Modifying database indexing might decrease system performance. Ensure that you monitor the statistics after you enable indexing on multiple properties.
Procedure
Results
In lists that include event and flow properties, indexed property names are appended with the following text: [Indexed]. Examples of such lists include the search parameters on the Log Activity tab, Network Activity tab, Save Criteria window, and Add Filter window.