Question & Answer
Question
How can I set up a weekly report that displays all of my log sources and total events per log source?
Answer
To create this report please do the following steps:
- Log in to the QRadar console
- Click the Reports tab
- Click Actions > Create
- Select Weekly as the schedule to generate the report
- Click Next
- Select the Layout you would like for the report
- Click Next
- Fill the Report Title field
- Select Events/Logs for the Chart Type
- Fill the Chart Title field
- Set Graph Type as Table
- Click Create New Event Search
- Scroll to the bottom and remove all the columns from the right except Event Count
- Add Log Source column to the Group By box
- Click Preview to verify that the search gives you the results you are requesting
- From the top of the search result click Save Criteria.
- Give the search a name and assign it to a Group.
- Click OK
- Click Save Container Details
- Click Finish
The report will take one week to present the data, if you need the report to present data immediately you need to select the report that you just created. Click Actions > Run Report on Raw Data.
Where do you find more information?
Related Information
[{"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Component":"--","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.3.1;7.3;7.2.8","Edition":"Enterprise","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21693695