A query is an ArcSight resource that defines the parameters of data to gather from an ArcSight data source. The results of the query then become the basis for one or more ArcSight reports or trends. As a data source, queries can use the database of events, assets, cases, notifications, active lists, session lists, or data gathered from a trend.
Queries are described in Queries.
Note: If all you want to do is build a report based on a single query, at this point you can skip to step 4 and select a template. (See Step 4 - Select or Design a Report Template.)
Tip: Queries built for reports can also be used in query viewers.
Query viewers provide several advantages. If you want to run quick SQL queries for monitoring and analysis outside of the reporting resource, you can use query viewers. You can add query viewers to dashboards and generate simple reports on query viewer results.
For information on query viewers, see Query Viewers.