IBM Security QRadar

JDBC Protocol - Timestamp with AM PM format skips logs or events not pulled

    Posted Mon March 28, 2022 08:00 AM
    We have configured the log source with the compare field as "timestamp" with the TIMESTAMP data type, and the data in the view appears in the following format.
    But I notice that the logs are not pulled if I have it in the below format; in other cases, the QRadar JDBC protocol skips logs, and they are not pulled properly when I have the timestamp in AM/PM format. But it works without any issue if I convert the data type into numeric format.

    The IBM documentation mentions using "TIMESTAMP" or "NUMERIC", but when we use the TIMESTAMP data type, the QRadar JDBC protocol has an issue pulling records.

    Below is the data type and sample data I tried to pull, and it's not working.
    Data type : TIMESTAMP
    sample data in compare field: 3/26/2022 12:08:21.000000 PM

    Has anyone experienced the same problem? Nowhere does IBM have clarity on this, and IBM support does suggest using a 24-hour timestamp instead of the AM/PM format, but when we try to convert the AM/PM format to a 24-hour timestamp, Oracle doesn't support it and throws an error.
    Kindly suggest what the best format approved by IBM is, and a sample data format which works well.



    ------------------------------
    Sekar Oliver Vincent
    ------------------------------