IBM QRadar: AQL Queries: Revision history

Diff selection: Mark the radio buttons of the revisions to compare and hit enter or the button at the bottom.
Legend: (cur) = difference with latest revision, (prev) = difference with preceding revision, m = minor edit.

24 March 2025

21 March 2025

19 March 2025

  • curprev 15:1415:14, 19 March 2025Ebasso talk contribs 1,466 bytes +1,466 Created page with "The query below calculates the total uncompressed payload size stored on disk for each log source type in the last hour. SELECT LOGSOURCETYPENAME(deviceType) AS LogSource, MIN(STRLEN(UTF8(payload))) AS Minimum, MAX(STRLEN(UTF8(payload))) AS Maximum, AVG(STRLEN(UTF8(payload))) AS AverageSize, STDEV(STRLEN(UTF8(payload))) AS STD, COUNT(logsourceid) AS EventCount, LONG(EventCount * AverageSize) / (1024 * 1024) as TotalSizeUncompressedMB FROM events GROUP B..."
Retrieved from "https://ebasso.net/wiki/index.php?title=IBM_QRadar:_AQL_Queries"