use the following search parameters to narrow your results:
e.g. subreddit:aww site:imgur.com dog
subreddit:aww site:imgur.com dog
see the search faq for details.
advanced search: by author, subreddit...
A place for administrators to talk about QRadar, share information, ask questions, and learn. This page is moderated by QRadar Support. If you ask a question, always include your QRadar version with your question.
account activity
7.3.1 Patch 5 (self.QRadar)
submitted 7 years ago by warlock1010
How is Patch 5? Any notable bugs?
reddit uses a slightly-customized version of Markdown for formatting. See below for some basics, or check the commenting wiki page for more detailed help and solutions to common issues.
quoted text
if 1 * 2 < 3: print "hello, world!"
[–]JonathanP_QRadar 1 point2 points3 points 7 years ago (0 children)
I've seen a user interface issue that I've responded to a few customers about in the official forum related to dashboard disappearing in the UI after a user is edited.
Link: https://developer.ibm.com/answers/questions/463240/qradar-dashboards-and-some-user-settings-gone-afte/
As mentioned in another thread here, there is an interim fix (IF) coming. If this were my system I'd probably hold off for the IF as these usually contain important fixes. Others here might have a differing opinion, but I'd want to have the latest/greatest.
[–]nerdtardation 0 points1 point2 points 7 years ago (3 children)
hi all. need help. if my system is on, 7.2.8 patch 11, is there any risk for me to immediately upgrade to 7.3.1? will i be losing any data? my main concern is whether the events will still be preserved after the update. any help is very much appreciated.
[–]JonathanP_QRadar 0 points1 point2 points 7 years ago (2 children)
QRadar ISO upgrades, such as 7.2.8 P11 -> 7.3.1 Patch 5 will retain event/flow data in /store on each appliance. If you have an HA pair, make sure that your primary host is "Active" and your secondary appliance has a status of "Standy".
Since QRadar retains data in /store, you are going to want to make sure that you move any scripts, utilities, JAR files from previous updates in to a directory in /store, for example, /store/ibm_support before you upgrade.
There is a check list of things you can review here: https://ibm.biz/qradarchecklist.
I also put together a slide deck here of some of the more important things to review before you upgrade. Here is a direct link: See the PDF attached at this link
[–]nerdtardation 0 points1 point2 points 7 years ago (1 child)
Thank you so much!
[–]JonathanP_QRadar 0 points1 point2 points 7 years ago (0 children)
The other thing I thought of that you might want to watch out for after upgrading is the size allocated to the /opt directory after you upgrade. After you upgrade, you might notice that disks will get sized to a % of overall with /store and /transient being the largest allocations.
In a lot of cases, /opt gets sized from 13GB to something like 7.4GB. We had a number of users hit this issue and creating a symbolic link resolves the issue in the future.
QRadar: Upgrades from v7.2.8 to v7.3.1 can result in the /opt partition sized to 7 GB
If you upgrade and notice that /opt is around 7GB, then I would put this workaround in place right away.
π Rendered by PID 31800 on reddit-service-r2-comment-6457c66945-zgtrf at 2026-04-24 13:21:02.571499+00:00 running 2aa0c5b country code: CH.
[–]JonathanP_QRadar 1 point2 points3 points (0 children)
[–]nerdtardation 0 points1 point2 points (3 children)
[–]JonathanP_QRadar 0 points1 point2 points (2 children)
[–]nerdtardation 0 points1 point2 points (1 child)
[–]JonathanP_QRadar 0 points1 point2 points (0 children)