Hello,

we have a multi-tenanted environment running 7.5.0 UP3.

We would like to provide to one of our tenants the System Monitoring dashboard showing the EPS Time series (for himself only), but the time series is showing empty and also if I open the saved search in log activity it does not show anything (see below):

The AQL query is as follows:

SELECT "Parent" AS 'Parent (custom)', AVG("Events per Second Coalesced - Peak 1 Sec") AS 'Events per Second Coalesced - Peak 1 Sec (custom) (Average)', AVG("Events per Second Raw - Peak 1 Sec") AS 'Events per Second Raw - Peak 1 Sec (custom) (Average)', AVG("Events per Second Coalesced - Average 1 Min") AS 'Events per Second Coalesced - Average 1 Min (custom) (Average)', AVG("Events per Second Raw - Average 1 Min") AS 'Events per Second Raw - Average 1 Min (custom) (Average)', COUNT(*) AS 'Count' from events where ( "Parent" != 'null' AND "deviceType"='147' ) AND ( icu4jsearch('Events per second', payload) != -1 AND icu4jsearch('StatFilter', payload) != -1 ) GROUP BY "Parent" order by "Count" desc LIMIT 1000 last 15 minutes

Could the issue be related to the permissions the user has been assigned in "User Roles" ? This user is not admin and also is not Delegated Admin for his tenant.

Is there a way a user with permissions limited to his own tenant logs only can add a dashboard showing time series EPS (and FPM obviously) to his dashboard?

Thanks,

Davide

Hi, I really don't know how to segment permissions using Qradar's generic dashboard. I would use Pulse since this app is very versatile for this type of presentation because it allows the AQL to be executed directly. It also gives the end user the opportunity to create filters using times, dates or components. In addition, it lets you configure dashboards in a more professional, organized and beautiful way.

From the user roles section you can create one so that the user has access only to pulse. And you configure the security profile according to what you need.

https://exchange.xforce.ibmcloud.com/hub/extension/f4a537a424977e155105d8aa9f5283c3

Hello,

we have a multi-tenanted environment running 7.5.0 UP3.

We would like to provide to one of our tenants the System Monitoring dashboard showing the EPS Time series (for himself only), but the time series is showing empty and also if I open the saved search in log activity it does not show anything (see below):

The AQL query is as follows:

SELECT "Parent" AS 'Parent (custom)', AVG("Events per Second Coalesced - Peak 1 Sec") AS 'Events per Second Coalesced - Peak 1 Sec (custom) (Average)', AVG("Events per Second Raw - Peak 1 Sec") AS 'Events per Second Raw - Peak 1 Sec (custom) (Average)', AVG("Events per Second Coalesced - Average 1 Min") AS 'Events per Second Coalesced - Average 1 Min (custom) (Average)', AVG("Events per Second Raw - Average 1 Min") AS 'Events per Second Raw - Average 1 Min (custom) (Average)', COUNT(*) AS 'Count' from events where ( "Parent" != 'null' AND "deviceType"='147' ) AND ( icu4jsearch('Events per second', payload) != -1 AND icu4jsearch('StatFilter', payload) != -1 ) GROUP BY "Parent" order by "Count" desc LIMIT 1000 last 15 minutes

Could the issue be related to the permissions the user has been assigned in "User Roles" ? This user is not admin and also is not Delegated Admin for his tenant.

Is there a way a user with permissions limited to his own tenant logs only can add a dashboard showing time series EPS (and FPM obviously) to his dashboard?

Thanks,

Davide