Raw Data

Follow the steps below to see the raw data.

1. Go to the Log Activity tab >Advance Search field.
2. In the Advance Search field, post the sample AQL below.

   For more AQLs, please check the Troubleshooting section in this guide.

   SELECT "User ID" , "Source Host Name" , "Asset Name" , "Event UUID" , "Event Alert" , "Severity Level" , "Process Name" , "Process Id" , "Absolute File Path" from events WHERE LOGSOURCENAME(logsourceid) = 'QualysFimMultiline'

3. Select the date range for which you want to see the data.

4. Click Search.

Depending on the results, you can change the date-time range to widen or shorten your search span. You can also execute your own AQL queries to find more appropriate data. Refer to fields in Qualys FIM JSON or Qualys FIM INCIDENTS log source type of DSM Editor to know the Qualys fields.