QRadar: Finding the LogSourceID for the AQL LogSourceName function

Question & Answer

Question

How can you find the LogSourceID parameter to use with the LogSourceName AQL function?

Cause

The LogSourceName Ariel Query Language (AQL) function has an expected input type of numeric, named LogSourceId, that is not immediately visible in the UI.

Answer

LogSourceID is a numeric value that is associated with each log source that uniquely identifies the log source. Its value can be obtained by hovering over the Log Source column for any event originating from the Log Source being targeted as shown in the example below.

Further information on Ariel Query Language (AQL), including on other AQL functions, is available at IBM Knowledge Center.

Where do you find more information?

[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"Integrations - 3rd Party","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]

Tips

QRadar: Finding the LogSourceID for the AQL LogSourceName function

Question & Answer

Question

Cause

Answer

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?