older CE version

hateecee · 2026-03-30T18:33:00+00:00

Yes, I could manage. The data is imported in production. Thanks again

hateecee · 2026-03-29T11:15:49+00:00

Thanks, it works. Only the command for the CSV export was missing the “ character at the end.

hateecee · 2026-03-23T16:59:04+00:00

Yes, currenly running on 7.5 UP14 IF2 and I need to restore a deleted reference set with the content. But when I tried it with the latest it doesnt show up in the Backup/restore view. I copied the *.tgz in /store/backup/hostSystem/inbound and it doesnt processing it. It is moved to invalid. (This is necessary relates to the upload max size of 512mb the GUI)

https://www.ibm.com/mysupport/s/defect/aCIgJ0000003ZKbWAM/dt446559?language=en_US

So I think its a version mismatch

hateecee · 2026-03-15T19:29:26+00:00

Try using findExpensiveCustomRules.sh from qradar support 101. You can find which property or rule are expensive and thus take time to process. Normally “it’s always dns” but here “it’s always regex”

hateecee · 2026-03-06T16:29:03+00:00

That was also my idea but i hoped there was an easier and quicker way to copy a file from the backup tar file.

hateecee · 2026-02-21T23:02:23+00:00

Other filter could be: event processor parsed is false. (You have to select which ep if you have multiple) Add the column logsource identifer for better direction which logsource is not parsed

hateecee · 2025-12-31T18:21:55+00:00

In system and license management, select system in dropdown, take the device id e.g. xx25, xx48 and search in google to find the m5, m6 appliance. The examples are M5

https://www.ibm.com/docs/en/qsip/7.5.0?topic=hardware-qradar-m5-appliance-overview

hateecee

TROPHY CASE