SQL INJECTION

Good afternoon
I need help creating a search for SQL injection in ArchSight - ESM and also in ArchSight - Logger, which option should I go to in the tool to configure this and what parameters should I enter to make this type of search work?