IBM QRadar

Greetings,

I have some properties encoded as Base64.

Kindly I need to know the best solution to decode the Base64 property to readable text using AQL.

Kindly advise

You can use the custom AQL function which is part of this content pack on the X-Force App Exchange.

https://exchange.xforce.ibmcloud.com/hub/extension/db91b644801492a45ad194cd4e6a7aa9

Paul

Hello Paul,

I already downloaded and installed this extension and I tried the following AQL syntax but the result is always empty.

select "Property 1" as P1, CODEC::BASE64('d','P1')

from events where LOGSOURCEGROUPNAME(devicegrouplist) = 'Test Group'

Kindly do you have any suggestions regarding this?

The "Property 1" is an alphanumeric property.

Your P1 needs to be in double quotes both times ...

For example - this works just fine on my test system:

Paul

I also tried your example and the search is running normally but the problem is that I am getting blank results with a message at the bottom of the page showing "Refreshing results..."

and it is taking too much time and no results appear

If I limit my search to 1, I got the result instantly