Forum Discussion

DanB
5 years ago

Dynamic Group Custom Query Examples

Hello, so I was wondering if it was possible to create a Dynamic Device Group based on whether box(es) were running a particular Windows service ("ServiceNow").

I was looking at the Dynamic Device Group help and it only had a few examples for the custom query. Is there a full, comprehensive list of what options are available? For example, where exactly in the help is the "hascategory()" function/test listed?

And back to my original request: can a Dynamic Device Group group the machines that are running a particular Windows Service?

I couldn't figure this out, so I just went with a new Property Source definition and cloned an existing one that looked at all Windows Services on a box and tested if each one contained "ServiceNow" and then added the Category "ServiceNow" to the host. Then my DDG groups all these boxes based on hasCategory("ServiceNowMID").

The Property Source script cloned/used:

import com.santaba.agent.groovyapi.win32.WMI;
//==================================
def host = hostProps.get("system.hostname");
// get a list of all services on the host (running or not)
def service_list = WMI.queryAll(host, "select * from win32_service");
def datacoreServices = service_list.findAll
{ service ->
    service["DISPLAYNAME"].contains("ServiceNow MID")
}
// Did we find any ServiceNow MID Services?
if (datacoreServices.size() > 0)
{
    println "system.categories=ServiceNowMID";
}
return(0);
//=== END ====

But if there is a more efficient way to do this please let me know. I think querying all the services on all isWindows() boxes is pretty expensive in terms of processing. What is a better WMI query to check specifically for a particular Windows Service that contains "xxxx"?

Thank you,

  • Anonymous
    16 minutes ago, mnagel said:

    It is not as modular, but is more efficient.

    Agreed.

    Dynamic group rules use the same syntax as AppliesTo. The only difference is that AppliesTo in a Dynamic group cannot use inherited properties whereas AppliesTo in a LogicModule can.

  • PropertySources generally run only once per day or if triggered manually (I don't think they yet have an execution interval you can define, though I'm told that will be true someday).

    However, you can run a WMI query looking for just a specific service as part of the query itself; you don't have to run a full table scan and then examine the results in the code. If you do want to enumerate all services, then you might consider having that one PropertySource generate all the service-based categories you would need. It is not as modular, but is more efficient.
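
The narrowed query suggested in the reply above, as an added example that is not part of the original thread: the PropertySource from the first post with the filtering moved into the WQL `WHERE` clause. It reuses `WMI.queryAll`, `hostProps` and the "ServiceNow MID" / "ServiceNowMID" strings from that post; the `State = 'Running'` filter and the `wqlLike` escaping helper are assumptions added here.

```groovy
import com.santaba.agent.groovyapi.win32.WMI

// Added example (not from the thread). The display-name fragment and the
// category name are the ones used in the original post.
def host = hostProps.get("system.hostname")
def fragment = "ServiceNow MID"   // text the service display name must contain
def category = "ServiceNowMID"    // category the dynamic group tests with hasCategory()

// Hypothetical helper: make a value safe inside a WQL LIKE pattern.
// 1. Bracket the LIKE wildcards ([ % _) so they match literally.
// 2. Backslash-escape \ and ' so the value cannot end the string literal.
def wqlLike = { String s ->
    s.replaceAll(/([\[%_])/, '[$1]')
     .replace('\\', '\\\\')
     .replace("'", "\\'")
}

// Let WMI do the filtering: only the columns needed, only services whose
// display name contains the fragment, and only those currently running.
def query = "select Name, DisplayName, State from Win32_Service " +
            "where DisplayName like '%" + wqlLike(fragment) + "%' " +
            "and State = 'Running'"

def matches = WMI.queryAll(host, query)

// Groovy truth covers both a null and an empty result.
if (matches) {
    println "system.categories=${category}"
}
return 0
```

The escaping only matters if the fragment is later read from a device property instead of being a constant; with the constant shown it leaves the string unchanged.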