IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only

  • 1.  AQL Searches and time-based charts

    Posted yesterday
      |   view attached

    Hello,

    we created a time-based dashboard charts that plots the results of an AQL search vs. time:

    SELECT "Hostname" AS 'Hostname (custom)', AVG("Value") AS 'Average FPS', COUNT(*) AS
     'Count' from events where ( "Metric ID"='FlowRate' AND "deviceType"='368' ) AND "Hostname (custom)" <> 'infosec-soc-collector-ktm'
     GROUP BY "Hostname" order by "Count" desc

    In the "Value to Graph" we are not given "Average FPS" option, but the ID of the property (see the attached screenshot): this is not a big issue but the legend on the Y-axis is not so immediate to recognize..how can we edit what is shown on the Y-Axis so that the chart is mode readable?

    B Regards,



    ------------------------------
    Davide Salardi
    ------------------------------


  • 2.  RE: AQL Searches and time-based charts

    Posted 7 hours ago

    Hi Davide

    It appears that you are hitting a known issue - https://www.ibm.com/support/pages/apar/IJ36282

    I would suggest to open a support case referencing the known issue to confirm this.

    Thanks



    ------------------------------
    John Dawson
    Qradar Support Architect
    IBM
    ------------------------------

    Original Message


  • 3.  RE: AQL Searches and time-based charts

    Posted 6 hours ago

    Thanks John,

    we will open a case; now we are on 7.5.0 UP9 but issue was already in place when we were on UP7.



    ------------------------------
    Davide Salardi
    ------------------------------

    Original Message


  • 4.  RE: AQL Searches and time-based charts

    Posted an hour ago

    Thanks for sharing the details (and the query). What you're seeing is expected behavior - by default, the charting engine uses the field ID instead of the alias when plotting values on the Y-axis.

    To make the axis label more readable, you have a couple of options:

    1. Edit the display label: In the chart settings (usually under Format or Axes), you can manually override the Y-axis title and type in something like Average FPS instead of the auto-generated property ID.

    2. Check alias support: Depending on the version, the system may not automatically pick up SQL aliases for chart labels. If that's the case, a manual label override (as above) is the most reliable solution.

    3. Custom visualization (optional): If you need full control, exporting the data (e.g., via CSV or API) and visualizing it in an external tool like Grafana or Tableau would let you fully customize axis labels and legends.

    So in short: the query alias won't change the Y-axis title automatically, but you can edit the axis label in the chart settings to show "Average FPS" (or any custom text you prefer).

    Hope that helps make your dashboard clearer!



    ------------------------------
    Valentina Bruen
    ------------------------------

    Original Message


Related Content