Rouven is correct.
The drop-down for Predefined Queries in the JDBC log source user interface is intended for vendors who integrate with QRadar. What this field is doing in the background is running a complex query with joins to get the retrieve the data required from different tables. Users who need to get data from multiple tables can create a view / materialized view then poll the view using JDBC as mentioned by Rouven.
That being said, if you think a feature enhancement should be made to JDBC to allow users to create complex queries where materialized views might be restricted in your environment, you can open a Request for Enhancement (RFE) and our Offering Team can review this request. I've heard a few users talk in the support forums (https://ibm.biz/qradarforums) about not being the DBA in their org, so trying to get a view created/maintained is a painful process for them. If that is the case in your situation, then I would suggest getting a RFE created and explain your scenario. If you make your RFE public, other users can vote on them.
Links:
------------------------------
Jonathan Pechta
QRadar Support
------------------------------
Original Message:
Sent: 02-21-2019 02:40 AM
From: Rouven Schierscher
Subject: Custom predefined query for JDBC
Hi Edmond
We had the same problem. Our workaround was to create a new view with all the information we need and to query them.
Regards
Rouven
------------------------------
Rouven Schierscher
Original Message:
Sent: 02-20-2019 01:25 PM
From: Edmond Palcsa
Subject: Custom predefined query for JDBC
Dear All,
Is there any chance to create a custom predefined query for Microsoft SQL JDBC connection, because with the given options we can not query the proper information from the SQL instance.
Thanks,
Edmond
------------------------------
Edmond Palcsa
------------------------------