IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

 View Only
Back to discussions
Expand all | Collapse all

How to delete specific events from QRadar Ariel DB?

  • 1.  How to delete specific events from QRadar Ariel DB?

    Posted Tue March 15, 2022 03:05 PM

    Hello,

    we would want to remove some specific event from Ariel DB.

    During January and February some misconfiguration on customer infrastructure caused a large amount of DNS events to fill a large amount of disk on event processor; we tried to configure a specific bucket for these events which deletes them after 1 week but it does not work..probably they have already been assigned to default retention bucket.

    I've seen that a tool exist to remove events from Ariel DB:

    https://www.ibm.com/docs/no/qradar-common?topic=spot-removing-data-from-ariel-database

    Can you clarify how to use this tool and if we need to pay attention to something before running this tool?

    Thanks

    Davide



    #QRadar
    #Support
    #SupportMigration


  • 2.  RE: How to delete specific events from QRadar Ariel DB?

    Posted Fri April 08, 2022 12:32 PM

    Hi,

    any possible solution to this issue?

    Davide



    #QRadar
    #Support
    #SupportMigration


Related Content