Previous Topic: Open Query Design WizardNext Topic: Add Query Columns

Administration GuideQueries and ReportsHow to Create a QueryAdd Query Details

Add Query Details

The first step in creating a query is entering identifying information and setting any tags you want to include.

To add a new query

  1. Open the query design wizard.
  2. Type a required query name, and optional short name for use in reports. The short name appears in the individual query pane when the query is included in a report.
  3. Select the connection type you want. UARM Default appears in the drop-down list, along with the names of any ODBC connections set up in the Report Service area.
    UARM Default

    Targets your query to the internal event or incident databases.

    ODBC Connections

    Targets your query to an external ODBC table you select. The Table drop-down list is populated with any views in your target database.

  4. Select the table you want your query to apply to.

    If you selected UARM Default, select one of the following:

    Event

    Applies the query to the event database, which stores all raw and refined event information received by the current server, or available through federation.

    Incident

    Applies the query to the incident database, which stores incidents created by the event correlation system, and the event information used to create those incidents. Correlation rules control the specific components of an event that are used to create an incident.

    If you selected Custom Connection, choose the ODBC table you want. The list is populated with tables from the ODBC connection you selected.

  5. Type any design notes you want in the Description entry field.

    Note: We recommend using this field for information about the query structure. For example, it could contain an explanation of why the query contains certain fields and function.

  6. Select one or more tags that you want your query to be associated with using the Tags shuttle control.
  7. (Optional) To add a custom category tag, enter a tag name in the Add Custom Tag entry field, and click the Add Tag button.

    The custom Tag appears, already selected, in the Tags shuttle control.

  8. (Optional) To add a nested custom tag, select a tag or type the parent tag name, followed by a backslash, followed by the name of the child tag, then click Add Tag. For example, you could type: "Regulations\Industry Standards". You can add additional tags, maintaining the format: a\b\c, and so on.

    Note: If you delete one of the custom nested tags, all the custom tags in which it is nested are also deleted, including the parent tag. If you nest a custom tag inside a subscription tag, and then delete it, only the custom tags are deleted.

    When you complete the process, the new tags appear in the list, with the nested custom tags visible when you expand the parent tag.

  9. Click the appropriate arrow to advance to the query design step you want to complete next, or click Save and Close.

    If you click Save and Close, the new query appears in the Query List, otherwise the query design step you choose appears.

More information:

How to Create a Query

Tag Tasks