Troubleshooting
Problem
The QRadar Console user interface (UI) is taking longer than usual to load pages, and deploys are intermittently timing out.
Cause
QRadar notifications are grouped by string searches, which consume resources. If a notification has more than 1000 elements, system performance diminishes.
Resolving The Problem
- From the QRadar user interface (UI) Console, open notifications by selecting the bell icon:
Note: the icon might contain a red dot indicator for new notifications. - Verify that no notifications have more than 1000 elements:
- Optional: if the notification is needed for investigations, export the events.
- Select 'x' icon to remove, from the notification view, any notifications that have more than 1000 elements:
Note: Removing the notifications does not remove them from logs or Log Activity searches, nor would it prevent the notification from reoccurring. Review the additional documents here for more information on managing high frequency notifications to address excessive recurring notifications.
Related Information
Document Location
Worldwide
[{"Type":"MASTER","Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwsyAAA","label":"Admin Tasks"}],"ARM Case Number":"TS013043184","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
11 July 2023
UID
ibm17009025