QRadar: Troubleshooting graph data in the QRadar Deployment Intelligence (QDI) application

Troubleshooting

Problem

The graph data in health metrics from the QRadar Deployment Intelligence (QDI) app like "License and Event Rate" and "License and Flow Rate" is not displayed. This issue can be caused by changes to Customs Event Property (CEP) regular expressions, duplicate properties with the same name, or if the properties associated to the Health Metrics Log Source Type in QRadar are disabled. All of these issues can be a cause to why graph data does not display as expected.

Symptom

Although event and flow are displayed in Log activity and Network Activity tabs, QID widgets, such as License and Event Rate, License and Flow Rate, or Top 5 Hosts widgets do not display graph data in Dashboard of the QDI application.

image-20181204155540-4
Figured 1: Graph data is not displayed from managed hosts.

[{"Line of Business":{"code":"LOB77","label":"Automation Platform"},"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"ARM Category":[{"code":"a8m0z000000cwt3AAA","label":"QRadar Apps"}],"ARM Case Number":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Version(s)"}]

Log InLog in to view more of this document

This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.

Tips

QRadar: Troubleshooting graph data in the QRadar Deployment Intelligence (QDI) application

Troubleshooting

Problem

Symptom

Log InLog in to view more of this document

Was this topic helpful?

Document Information

UID

Share your feedback

Need support?