Question & Answer
Question
This article informs administrators about QRadar® Support policies. This document outlines out-of-scope work for event retention issue cases and the responsibilities of the QRadar administrator.
Answer
Responsibilities for Event Retention cases
Administrators might have issues where data is not retained to meet a company data retention policy or data is kept too long and the disks fill requiring administrative action. This article explains what assistance can be given to administrators for event retention when an issue occurs.
Support type | Description | Responsibility |
Event Retention assistance and error support |
Administrators can use QRadar technical support to assist administrators with event or flow retention issues. For example, QRadar Support can:
Resources
|
QRadar technical support To open a case or report an event retention issue, contact QRadar technical support |
Out-of-scope for QRadar Support |
The following activities are considered out-of-scope for technical support.
Support reserves the right to close cases related to the following issues:
For help with configuring long-term retention or tuning event or flow retention policies, contact IBM Security® Expert Labs
|
|
[{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]
Was this topic helpful?
Document Information
Modified date:
07 January 2022
UID
ibm16497235