Hi Aleksander,
If you are going the custom DSM/Universal DSM way, you do not need to change anything.
1) Create a log source. You said you already did that so it should be fine
2) Go to log activity and search for these events. After searching select 2 or 3 events and go to Actions drop down at the top and select DSM editor. Now DSM editor should open and should display selected events in Workspace. Choose log source type "Universal DSM" if asked.
2) Go to Event Mappings > Click on the "+" symbol. This should open a Event ID and Event Category fields to be filled.
3) Click on Choose QID and then click on "Create New QID Record"
4) You should get a QID Records page
Write a human understandable Name, for example, "Cisco Drop Rate Exceeded" and a description. The Name will be your Event name. Keep Log Source Type as Universal DSM. Event category can be anything you want, for example, LLC can be Alert. This will create a QID which QRadar mapps to every event. Select high level category and low level category from the drop down as you see fit. Then save.
5) You will get your QID number written in QID/Name field. Copy it for future reference.
6) Go into Event Mappings > Select the entry and select edit > Search for the QID with the QID number copied and click save. This should save the mapping for that events.
7) Now the events should come as the event name and category what you configured.
NOTE : You can also create a QID on CLI with the following command:
/opt/qradar/bin/qidmap_cli.sh -c --qname "name" --qdescription "description" --severity 1-10 --lowlevelcategoryid categoryid where you can find the categoryid with /opt/qradar/bin/qidmap_cli.sh -l