You can enable the Quick Filter property to optimize event and
flow search times. You can use the Quick Filter option to search event and
flow payloads by typing free text search criteria.
Procedure
-
Log in to QRadar as an
administrator.
-
Click Admin.
-
On the navigation menu, click System Configuration.
-
Click the Index Management icon.
-
In the Quick Search field, type Quick
Filter.
-
Select the Quick Filter property that you want to index.
You can identify the event and flow Quick Filter properties by using the
value in the Database column.
-
On the toolbar, click Enable Index.
A green dot indicates that the payload index is enabled.
-
Click Save.
-
Click OK.
The selected Quick Filter properties are indexed.
If a list includes
event or flow properties that are indexed, these indexed property names are appended with the
following text:
[Indexed]