IBM Support

QRadar: Finding the LogSourceID for the AQL LogSourceName function

Question & Answer


Question

How can you find the LogSourceID parameter to use with the LogSourceName AQL function?

Cause

The LogSourceName Ariel Query Language (AQL) function expects a numeric input parameter, LogSourceId, which is not immediately visible in the UI.

Answer

LogSourceID is a numeric value that uniquely identifies each log source. To obtain it, hover over the Log Source column of any event that originates from the log source you are targeting.
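The following AQL queries are an added example, not part of the original IBM technote; they show the ID-to-name mapping produced by LogSourceName and how a known ID is then used as a filter. AQL is fenced here as SQL, and the ID 123, the column aliases and the time windows are constructed placeholders.

```sql
-- Query 1: list every log source that reported events in the last 24 hours,
-- showing the numeric ID next to the name that LOGSOURCENAME() resolves it to.
-- This gives the same ID that the UI tooltip shows, for all log sources at once.
SELECT logsourceid,
       LOGSOURCENAME(logsourceid)   AS log_source,
       LOGSOURCETYPENAME(devicetype) AS log_source_type,
       COUNT(*)                      AS event_count
FROM events
GROUP BY logsourceid, devicetype
ORDER BY event_count DESC
LAST 24 HOURS

-- Query 2: once the ID is known, filter on the numeric field directly.
-- 123 is a constructed placeholder; replace it with the ID from Query 1
-- or from the Log Source column tooltip.
SELECT DATEFORMAT(starttime, 'yyyy-MM-dd HH:mm') AS event_time,
       sourceip,
       QIDNAME(qid)                AS event_name,
       LOGSOURCENAME(logsourceid)  AS log_source
FROM events
WHERE logsourceid = 123
LIMIT 20
LAST 1 HOURS
```

Run each query separately in an Advanced Search, and leave out the comment lines when pasting.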



Further information on Ariel Query Language (AQL), including on other AQL functions, is available at IBM Knowledge Center.




Product: IBM Security QRadar SIEM; Component: Integrations - 3rd Party; Platform: Linux; Version: 7.2; Business Unit: IBM Software w/o TPS; Line of Business: Security Software

Document Information

Modified date:
16 June 2018

UID

swg21986261