• 0

Dynamic Group Custom Query Examples


Question

Hello, so I was wondering if it was possible to create a Dynamic Device Group based on if box(es) were running a particular windows service ("ServiceNow").

I was looking at the Dynamic Device Group help and it only had a few examples for the custom query. Is there a full, comprehensive list of what options are available?  Example the "hascategory()" function/test is listed where exactly in the help?

And back to my original request can a Dynamic Device Group, group the machines that are running a particular Windows Service?

I couldn't figure this out so I just went with a new Property Source definition and cloned and existing one that looked at all Windows Services on a box and tested if each one contained "ServiceNow" and then added the Category "ServiceNow" to the host. Then my DDG groups all these boxes based on "hasCategory("ServiceNowMID")

The Property Source script cloned/used:

import com.santaba.agent.groovyapi.win32.WMI;
//==================================
def host = hostProps.get("system.hostname");
// get a list of running services
def service_list = WMI.queryAll(host, "select * from win32_service");
def datacoreServices = service_list.findAll
{ service ->
    service["DISPLAYNAME"].contains("ServiceNow MID")
}
// Did we find any ServiceNow MID Services?
if (datacoreServices.size() > 0)
{
    println "system.categories=ServiceNowMID";
}
return(0);
//=== END ====

But if there is a more efficient way to do this please let me know. I think querying all the services an all isWindows() boxes is pretty expensive in terms of processing. What is a better wmi query to check for specifically a particular Windows Service that contains "xxxx"

Thank you,

 

 

Link to post
Share on other sites

2 answers to this question

Recommended Posts

  • 0

PropertySources generally run only once per day or if triggered manually (I don't think they yet have an execution interval you can define, though I'm told that will be true someday).

However, you can run a WMI query looking for just a specific service as part of the query itself, you don't have to run a full table scan and then examine the results in the code. If you do want to enumerate all services, then you might consider having that one PropertySource generate all the service-based categories you would need.  It is not as modular, but is more efficient.

Link to post
Share on other sites
  • 0
  • Administrators
16 minutes ago, mnagel said:

It is not as modular, but is more efficient.

Agreed.

Dynamic group rules use the same syntax as AppliesTo. The only difference is that AppliesTo in a Dynamic group cannot use inherited properties whereas AppliesTo in a LogicModule can.

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.