IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  AQL Custom query

    Posted Mon September 18, 2023 04:25 AM

    Good day All

    I am trying to add another host in my Hostname field to extract 2 hostname for one Domain. Please see Statement below.

    SELECT "Hostname" AS 'Hostname (custom)', AVG("Value") AS 'Value (Average)' from events where ( "Metric ID"='EventRate' AND "deviceType"='368' ) AND "Hostname (custom)" = 'host1'
     GROUP BY "Hostname"

    I need to extract host2 in the same select...

    Any advise?



    ------------------------------
    Arno Pretorius
    ------------------------------


  • 2.  RE: AQL Custom query

    Posted Mon September 18, 2023 04:27 AM

    I have cleaned up my query a bit as well

    SELECT "Hostname" AS 'Hostname (custom)', AVG("Value") AS 'Value (Average)' from events where ( "Metric ID"='EventRate' AND "deviceType"='368' AND "Hostname (custom)" = 'host1')
     GROUP BY "Hostname"



    ------------------------------
    Arno Pretorius
    ------------------------------

    Original Message