BigFix API Computers in Group with Last Report Time

Greetings all,

I am pretty new to using API calls, especially the BigFix API, so please bear with me here!

What I would ultimately like to happen is my GET shows me all computers in the BigFix Console, in a given group, which haven’t reported in, say, 30 minutes.

I have been able to build an API call that returns all computers in my NVR group. This is step 1.

However, I am a bit confused on how to use the API to query the last report time of the NVR devices. Do I need to somehow make an analysis in the Console that shows devices with a report time > 30 minutes, and then return its results via the API? Or, is there some way to have the API return that data natively?

Again, sorry if this makes no sense. They don’t really teach you BigFix in college

Thanks!

Makes perfect sense, sure. What’s your query look like so far?

You can use a filter for whose (now - last report time of it > 30 * minute) , but where to put the filter depends a bit on your query structure.

In my test analysis, I currently have the relevance at this:
member of group 52 of sites whose (now - last report time of it > 5 * minute)

However, it’s not returning any applicable computers, and I know there are some who haven’t reported in 5 minutes.

From what I’ve found, if I can get that analysis to work, then I can simply GET that with the API call, and it should return the data I want: device name, and last report time - since the Properties are those.

I’m afraid there’s a difference between “client relevance” (evaluated by the client - Properties, Analysis Properties, Fixlets, Tasks, Computer Groups, etc.) and “Session Relevance” (evaluated by the Server - in Console Dashboards or Web Reports or REST API queries). A bit more detail at Besclient version relevance - #2 by JasonWalker

There are a couple of problems with what you’re trying to see, even if this could be done in terms of Client Relevance. You have the whose() filter applied to ‘sites’ when it should really be applied to the ‘computer’. And, since this evaluates on the client, well…if a client is not reporting, it can’t tell you that it’s not reporting

In Client Relevance, ‘member of group 52 of sites’ would give a True/False - the computer is a member, or it’s not. You could combine that with member of group 52 of sites AND now - last report time > 5 * minute to still give a True/False, but again, that’s only available on the client itself - if it’s not reporting, it can’t tell you that it’s not reporting.

What you need for this is Session Relevance - where you’re asking the Server about the last report times of the clients.

Fortunately, the Session Relevance for this case is pretty straightforward. In fact, in Session Relevance, you can get the names of the Computer Groups, Sites, and all of the previously-reported properties for the computer. So a query may look like

(id of it, name of it | "No Name") of members whose (now - last report time of it > 1 * day) of bes computer groups whose (name of it = "Production_Site_Computers")

So, how to test Session Relevance? With the BigFix Console open, hit CTRL-ALT-SHIFT-D to open the ‘Debug Options’ menu, then click the checkbox for ‘Show Debug Menu’

image1325×590 21.7 KB

That adds a new Debug menu to the top of the Console. Open Debug → Presentation Debugger

Now you can test your Session Relevance in the top pane, hit ‘Evaluate’, and see results in the bottom pane:

image863×388 10.2 KB

When you’ve tuned your query and you’re ready to send it via the API, you may need to URL-encode your query depending on the tool you’re using. Python and PowerShell will generally do this for you, but the browser search bar will not; ‘curl’ can do the encoding for you if you keep the query in a separate file and use the ‘–data-urlencode’ parameter when sending it.

What an awesome help you are. That debug menu is SLICK and the query worked exactly as I had hoped. I will tinker with that for a while and will chime in if the API gets me stuck.