IBM Support

QRadar: App or Content Extension installation failed due to property conflict.



When you install a content pack or an application with Custom Event Properties (CEP) from Extension Management, you might see a failure message and the name of the property conflicting. If you try the installation a second time, it fails with error: "An error occurred. See console logs for details."


When a content pack or application is installed, a screen appears with preview about the changes it is installing. If there is a conflicting CEP, it shows a "Failed" message.
For example, "Threat Score" is the name of the CEP in conflict (this name might differ on your system). We are using the Threat Score property as an example throughout the article.


This behavior indicates that a CEP, which is being imported or installed, is in conflict with an existing property. This behavior is expected because QRadar is preserving existing data and does not let existing properties be overwritten.


grep -i conflict /var/log/qradar.log OR grep -i "Property with id" /var/log/qradar.error

Diagnosing The Problem

Log in to the console CLI where the app, content pack, or extension is being installed.
In the QRadar log, search for a more detailed error message with either of these two commands:
grep -i conflict /var/log/qradar.log

grep -i "Property with id" /var/log/qradar.error
Two types of error messages are observed based on above search:

...Conflict during the import of property [File Size], found an existing property with the same name but different type...


...Property with id [e7da1cc0-5bf0-48de-86a9-6af817266c7f] already exists but has a different name...

Resolving The Problem

Check for the property, which was mentioned in the error message, in Postgres:

psql -U qradar -c "select id,propertyname from ariel_regex_property where propertyname = 'File Size';"

 id                                   | propertyname
 5b7b76c8-fa9d-4ad2-91bf-6d69000fbaaf | File Size

psql -U qradar -c "select id,propertyname from ariel_regex_property where id ='e7da1cc0-5bf0-48de-86a9-6af817266c7f';"

 id                                   | propertyname
 e7da1cc0-5bf0-48de-86a9-6af817266c7f | Target User Name
Check whether the property is used, or has a dependency, in any DSMs, rules, or in AQL properties.
If you found no dependencies and the property is not used anywhere, the property can be deleted, or re-created with another name. 
Renaming an existing CEP in the GUI
  1. Navigate to Admin> Custom Event Properties.
  2. Find the conflicting CEP, and double-click it to edit it.
  3. Select New Property instead of Existing Property.
  4. Enter a new name for the same property and click Save at the bottom-right on the page.
If there are dependencies, manually resolve the them either by removing the dependencies or by replacing them with the newly created property. Thereafter you can delete the conflicting CEP and try to install the content pack again.
Note! There might be more than one CEP conflict, you might have to repeat the process for any subsequent CEP conflicts until all naming conflicts are resolved.

Document Location


[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"},{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"}],"ARM Case Number":"","Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Versions"}]

Document Information

Modified date:
15 August 2022