How would I get a count of open actions for each device? I suspect we have some out of control processes that are creating actions and it’s difficult to fine.
This should be easier with session relevance than regular relevance.
This console dashboard may help: https://github.com/jgstew/bigfix-content/blob/master/dashboards/StopOpenCompletedActions.ojo
I figured it would be session relevance.
That said, I don’t follow your link. Is that supposed to be a custom web report that can stop an action?
It is a dashboard you can import into the windows console. It shows all actions that are open that have run against all computers they have targeted and can most likely be safely closed.
Number of open actions:
number of bes actions whose("Open" = state of it)
Number of targeted or reported computers per action:
( maxima of ( (number of elements of reported computer set of it);(number of targeted computers of it) ) ) of bes actions whose("Open" = state of it)Another option:
(number of elements whose (state of it is "Open") of reported action sets of it, names of it, ids of it) of bes computers
2 Likes
I like the queries and they run fine in my test/smaller environments, but in my main env, it just times out. I even tried to scope it out:
(number of elements whose (state of it is "Open") of reported action sets of it, names of it, ids of it) of bes computers
whose(
Operating system of it contains "Win7"
and name of it as lowercase starts with "of014"
and (number of elements of reported action sets of it) > 1000
)
Any other ideas how I could get this to not timeout. Even if I have to keep searching for small subsets.
How many Open Actions do you have in your console? How many computers are returned by the filter?
According to @jgstew in a previous post Relevance search for computer with thousands of possibilities, the use of bes computers leads to every computer being evaluated. (I see that you’ve run into this problem before… 
) Do you have computer groups that might provide some scoping?
Have you tried evaluating against just a single computer ID? If that works you might be able to put some limits on the range of the computer ID.
Another thought is to limit the sites that the action(s) are derived from.
I don’t think the last part of your filter will do any good, since the data has to be returned and evaluated to determine if there are more than 1000 reported actions.
Ya know, right that came in, I was thinking along the same lines. Sometimes I forget what I forgot.
Currently we have about 52k actions (most are open) but would normally expect around 21k, and 97k clients. I’ll dig in and let you know what I find.
1 Like
Yeah, this is the issue. You are getting that for every computer at least once, and twice for every computer with over 1000.
The other issue is that the reported action set will contain baseline components enumerated as individual actions I believe. You probably only care about “parent” or “single” actions.
1 Like
That sped things up, but it’s still a bear.
(number of elements whose (state of it is "Open") of reported action sets of it, names of it, ids of it)
of (members of bes computer groups whose (name of it = "WIN Workstations"))
whose(
Operating system of it contains "Win7"
and name of it as lowercase starts with "of0"
)
Still sort of sucks. I’m tempted to set an analissy to pull the number of actions. That would be faster to pull in web reports. From QnA, what inspectors would I use to find that? I found this http://support.bigfix.com/inspectors/Action%20Objects_Any.html but I always suck at figure out how to use them.
Little late but can kind of cheat the system and use the following Analysis inside the console to pull info from systems. Should work on any OS.
Number of Open Actions:
number of files whose(name of it as string as lowercase contains “action”) of folder “mailboxsite” of data folder of client
Names of Open Actions:
if exists files whose(name of it as string as lowercase contains “action”) of folder “mailboxsite” of data folder of client then following texts of firsts ": " of lines whose(it as string starts with “action-ui-name:”) of files whose(name of it as string as lowercase contains “action”) of folder “mailboxsite” of data folder of client else “N/A”
Actions aren’t only in the mailboxsite of the computer though - only statically-targetted actions go there.
Dynamically-targetted actions appear in the actionsite or opsite folders, whether or not they are Relevant to that endpoint.
Good catch, missed that myself. Took a closer look with dynamic targeting and found the below relevance works for the count for both dynamic and static targeting. It’s not elegant but seems to work pretty well for just the open action count. Still looking into couple other options into getting more info (pending actions on hold, etc.) than just the count into the console but with the information in multiple places gets a bit complicated. Let me know if I missed anything.
(number of files whose(name of it as string as lowercase ends with “qid” AND line of it contains “pending”) of folder “__Local” of folder “actionsite” of data folder of client) + (number of files whose(name of it as string as lowercase contains “action”) of folder “mailboxsite” of data folder of client)
Edit – Just found a flaw in this myself with multiple action groups not being counted and static targets from second half of relevance being double counted from mailbox and local folder. Just happened to be the same number of multiple action groups and static actions in my test cases. Leaving the original relevance up since there is a few options that could be useful to some users.
I still think this would be better queried through session relevance on the server side…but if done from the client, there may be a use case for the sqlite database inspectors to pull from ActionHistory.db