Domain/IP to your Snare Central destination
Port to 6161
Protocol to UDP or TCP (recommended)
Format to SNAREQRadar
To send logs directly to QRadar:
Domain/IP to your QRadar destination
Port to 514
Protocol to UDP or TCP (recommended)
Format to SYSLOG (RFC3164) or other. LEEF may be used, though the Port will require updating.