This is most likely caused by the “qidmapid” column having NULL values in the “dsmevent” table.
First, check for NULL values:
psql -U qradar -c “Select * from dsmevent where qidmapid IS NULL and where devicetypeid=XXX;”
If there are NULL values, run the following command:
psql -U qradar -c “delete from dsmevent where qidmapid is NULL and devicetypeid=XXX;”
Detection knowledge repository – by Daniel Koifman