Question & Answer
Question
How can you manage large search result data on a daily basis?
Answer
Steps to manage Search Results:
- Log in to the QRadar User Interface.
- Open the Admin settings:
- In IBM Security QRadar V7.3.1, click the navigation menu , and then click Admin to open the Admin tab.
- In IBM Security QRadar V7.3.0 or earlier, click the Admin tab.
- Click on the System settings icon within the System Configuration section.
- Select the Ariel Database Settings in the left hand column to bring you to the appropriate settings.
- Change the Search Results Retention Period setting to the number of days, weeks, or months that are desired to retain the search results.
Note: If you select 1 day, then after 24 hours from that time, your search results will be cleared for all users. The default is 1 day.
Results: You can now modify the default Search Results Retention Period.
Where do you find more information?
[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Admin Console","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.1;7.3;7.2.8;7.2","Edition":"All Editions","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21903549