IBM QRadar

I wanted to get Identity Information (Host, IP and MAC) out of an event and used the DSM to extract the properties. I had to extract the EventID first to get the event parsed, then the fields mentioned above got populated in DSM but still not in Log Activity. After setting a static Category the fields where visible in Log activity as well but EventID and Category are still only displayed in DSM, but not in Log Activity.

Martin,

I believe that this is currently being investigated for another user. I saw a reported issue where "DSM Editor override on identity specific properties are not appearing as expected in log activity", which sounds a lot like what you mentioned in your post.

I think you should probably get this logged as a case, if you haven't already. There was some testing going in the lab on our 7.4.2 Fix Pack 2 support boxes. A case would help us confirm though. If this is happening on a supported log source type, make sure you include that information and the steps that appear to cause the issue. Depending on your version, there might be a problem where the override for identity fields is causing an issue where QIDs are not lining up.

Log a case, if you haven't done so yet. Mention this forum post or link to this post in your case and mention XF-3193. This number will help Support reference this issue and might streamline your case when reviewed.