IBM Support

QRadar: Finding the LogSourceID for the AQL LogSourceName function

Question & Answer


Question

How can you find the LogSourceID parameter to use with the LogSourceName AQL function?

Cause

The LogSourceName Ariel Query Language (AQL) function has an expected input type of numeric, named LogSourceId, that is not immediately visible in the UI.

Answer

LogSourceID is a numeric value that is associated with each log source that uniquely identifies the log source. Its value can be obtained by hovering over the Log Source column for any event originating from the Log Source being targeted as shown in the example below.



Further information on Ariel Query Language (AQL), including on other AQL functions, is available at IBM Knowledge Center.

Where do you find more information?



[{"Product":{"code":"SSBQAC","label":"IBM QRadar SIEM"},"Business Unit":{"code":"BU008","label":"Security"},"Component":"Integrations - 3rd Party","Platform":[{"code":"PF016","label":"Linux"}],"Version":"7.2","Edition":""}]

Document Information

Modified date:
16 June 2018

UID

swg21986261