IBM QRadar

 View Only

  • 1.  AQL Cheat Sheet

    Posted Mon February 03, 2020 01:31 PM
    Is there any available cheat sheet of most used AQL queries.

    ------------------------------
    Abdul Qudoos
    ------------------------------


  • 2.  RE: AQL Cheat Sheet

    Posted Mon February 03, 2020 10:58 PM

    Not sure what version of QRadar you are on, but the best cheat sheet is to use the new Show AQL button in QRadar 7.3.2 versions. This allows you to convert any query to view the AQL being run on the back end and understand how the search is run. You can then add QRadar apps or content packs that have searches and view the associated AQL query.

    Here are some links with examples:



    ------------------------------
    Jonathan Pechta
    QRadar Support Content Lead
    Support forums: ibm.biz/qradarforums
    jonathan.pechta1@ibm.com
    ------------------------------

    Original Message


  • 3.  RE: AQL Cheat Sheet

    Posted Tue February 04, 2020 03:34 AM
    If you prefer old-school PDFs, the PDF-based guides are in these locations:



    ------------------------------
    Darren H.
    ------------------------------

    Original Message