IBM Support

IJ33166: AGGREGATED SEARCHES ARE SHOWING THE WRONG FLAG FOR SOME IP ADDRESSES

Subscribe to this APAR

By subscribing, you receive periodic emails alerting you to the status of the APAR, along with a link to the fix after it becomes available. You can track this item individually or track all items by product.

Notify me when this APAR changes.

Notify me when an APAR for this component changes.

 

APAR status

  • Closed as program error.

Error description

  • In some instances, customers might see missing flags in the Log
Activity tab for an aggregated search.
Steps to reproduce
1) Click the Log Activity tab.
2) Click Search > New Search.
3) Click Recent > Last 5 Minutes.
4)  in Column Definition add Source or Destination IP to Group
By.
5) Click Search.
6) Click Save Criteria .
7 ) Add Search Name > click OK .
8) Click the Admin tab.
9) During a maintenance window Deploy Changes Full
Configuration.
10) After Changes deploy, click the Log Activity tab and run the
search again.
Result: Many IP addresses show a different flag in Source IP
column and Destination IP versus Source or Destination IP.

Local fix

  • No workaround available.
APARs identified with no workaround may require a software
delivery to resolve. This reported issue will be considered for
a future release and administrators can subscribe to the APAR to

get updates by clicking on the Subscribe button on the right
side of this page or ask a question about this APAR in our
Support Forums.
https://ibm.biz/qradarforums

Problem summary

  • This issue has been resolved in QRadar 7.5.0 Update Package 6.

Problem conclusion

  • This issue has been resolved in QRadar 7.5.0 Update Package 6.

Temporary fix

  • 



Comments


    

  • 



APAR Information




    

  • APAR number
    IJ33166
    • 

  • Reported component name
    QRADAR SOFTWARE
    • 

  • Reported component ID
    5725QRDSW
    • 

  • Reported release
    742
    • 

  • Status
    CLOSED  PER
    • 

  • PE
    NoPE
    • 

  • HIPER
    NoHIPER
    • 

  • Special Attention
    NoSpecatt / Xsystem
    • 

  • Submitted date
    2021-06-10
    • 

  • Closed date
    2023-06-26
    • 

  • Last modified date
    2023-06-26
    • 





    

  • APAR is sysrouted FROM one or more of the following:
    

    • 

  • APAR is sysrouted TO one or more of the following:
    

    • 



Fix information


    

  • Fixed component name
    QRADAR SOFTWARE
    • 

  • Fixed component ID
    5725QRDSW
    • 



Applicable component levels


    








      
              
                            

              

              [{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"742","Line of Business":{"code":"LOB24","label":"Security Software"}}]
              

                          

          
 
        

      

    

      

        

          

            
Document Information


            

            


                        

            Modified date:
            

            26 June 2023
            

            
                      

        


        

        


      

    

  



    

  

  
    
            

          
Page Feedback