IBM QRadar

IBM QRadar

Join this online user group to communicate across Security product users and IBM experts by sharing advice and best practices with peers and staying up to date regarding product enhancements.

View Only

Back to discussions

Expand all | Collapse all

Select all fields

1. Select all fields

Like
Patrick Barnes
Posted Tue June 04, 2019 09:14 AM

Reply
So when running a search through AQL When you run Select * it does not pull all fields. When you do an export and select Full Export(All Columns) you get everything. Is there a way with AQL to have similar functionality or is there an API call I can make to automatically do the export?

option 1
Select "ALL FIELDS" from events where SOME CONDITION

option 2
select "Dosn't Matter" from events where SOME CONDITION
API Call to perform export of previous search with all fields.

------------------------------
Patrick Barnes
------------------------------

IBM QRadar

Select all fields

1. Select all fields

Additional
Resources

Office

Quick Links

IBM QRadar

Select all fields

1. Select all fields

Related Content

Retrieving Information from QRadar Accumulators Using AQL

New: QRadar Visual Query Builder

Get SIGMA content optimized for QRadar !

All about Routing Rules in IBM QRadar

Detection of Log4Shell (CVE-2021-44228) using QRadar

Additional Resources

Office

Quick Links

Additional
Resources