IBM QRadar

Can anyone point me in the direction on how to use regex in the seach field within Log Source Manager?

For example - Setting a filter on a DSM type (log source type) and then a text search for a logsource name but NOT "DC0"

I'm sure this was demo'ed by @COLIN HAY in the past but I have lost my notes explaining how to carry it out.​​

Hi James 
Here are two articles that might help you
https://www.ibm.com/docs/en/dsm?topic=lse-creating-log-source-extensions-document-get-data-into-qradar
https://www.ibm.com/support/pages/qradar-how-add-time-zones-your-events-dsm-editor
The second article shows how to add or modify regex in the  DSM editor. 

------------------------------
Curt Wolfson
------------------------------

Original Message:
Sent: Mon February 06, 2023 11:20 AM
From: James H
Subject: Regex searching in Log source manager

Can anyone point me in the direction on how to use regex in the seach field within Log Source Manager?

For example - Setting a filter on a DSM type (log source type) and then a text search for a logsource name but NOT "DC0"

I'm sure this was demo'ed by @COLIN HAY in the past but I have lost my notes explaining how to carry it out.​​