IBM Security QRadar

  • 1.  Regex searching in Log source manager

    Posted Mon February 06, 2023 01:23 PM
    Can anyone point me in the direction on how to use regex in the search field within Log Source Manager?

    For example - Setting a filter on a DSM type (log source type) and then a text search for a logsource name but NOT "DC0"

    I'm sure this was demo'ed by @COLIN HAY in the past but I have lost my notes explaining how to carry it out.


  • 2.  RE: Regex searching in Log source manager

    Posted Wed February 22, 2023 03:02 PM

    Hi James 
    Here are two articles that might help you
    https://www.ibm.com/docs/en/dsm?topic=lse-creating-log-source-extensions-document-get-data-into-qradar
    https://www.ibm.com/support/pages/qradar-how-add-time-zones-your-events-dsm-editor
    The second article shows how to add or modify regex in the DSM editor.



    ------------------------------
    Curt Wolfson
    ------------------------------