Troubleshooting
Problem
Administrators can experience issues where a log source type has events that are so similar that Traffic Analysis (TA), which is QRadar’s Log Source Auto Detection engine, incorrectly creates the log source. This is especially true when there are not enough events coming from the log source for Traffic Analysis to correctly identify the log source type. When this occurs, administrators might need to disable the offending log source type.
Document Location
Worldwide
[{"Business Unit":{"code":"BU048","label":"IBM Software"},"Product":{"code":"SSBQAC","label":"IBM Security QRadar SIEM"},"Component":"","Platform":[{"code":"PF016","label":"Linux"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB77","label":"Automation Platform"}}]
Log InLog in to view more of this document
This document has the abstract of a technical article that is available to authorized users once you have logged on. Please use Log in button above to access the full document. After log in, if you do not have the right authorization for this document, there will be instructions on what to do next.
Was this topic helpful?
Document Information
Modified date:
21 July 2021
UID
ibm10886895