Creating a web report that spits out all actions with computer names

I am trying to generate a report that shows all computer names with the action name, action ID, state, and time issued. We are building grafana dashboards and we want to be able to have it act similar to the BigFix Console. So in the Console when you open a computer and click on “Action History”, i want to be able to have that data outside, if that makes sense. It seems I need to do a custom report to get this data.

Thank you!

For Grafana integration, it is possible to connect Grafana directly to the BigFix database, as Grafana supports connections to various databases. However, this approach is not recommended by HCL due to specific concerns around performance, data integrity, and the direct impact on the BigFix database itself.

Instead, I would recommend creating an external data flow using the BigFix REST API to extract the necessary action data (such as computer names, action names, action IDs, state, and time issued). This data can then be stored in an external database or a data lake that Grafana can connect to for visualization. This approach provides better control over the data, avoids putting additional load on the BigFix database, and aligns with best practices for maintaining the stability and performance of your BigFix environment.

Interesting, thank you! Our BigFix Environment is quite small (~700 servers) so I wonder if there would be any impact, and the database is local to the bigfix server.

What I have been doing is submitting webreports via CSV to an automated mailbox which then ingests it into a different database which grafana reads. Similar to what API does. Do you have any examples of a rest API that does what I need?

Thanks again for your help!

You can request all kinds of data using the BigFix Platform’s REST API, and for cases like this, using the /api/query resource which takes Session Relevance as input.

A sample session relevance for the data you specified above might look like:

(name of it, (name of it, id of it, state of it, time issued of it) of elements of reported action set of it) of bes computers

We can make this a bit more friendly for CSV-parsers by explicitly delimiting the data fields with commas, and placing double-quotes around the data:

("%22" & item 0 of it & "%22,%22" & item 0 of item 1 of it & "%22,%22" & item 1 of item 1 of it as string & "%22,%22" & item 2 of item 1 of it & "%22,%22" & item 3 of item 1 of it as string & "%22") of (name of it, (name of it, id of it, state of it, time issued of it) of elements of reported action set of it) of bes computers

To pass this to the REST API, we should URL-encode it, then submit as a URL-parameter (named relevance) to /api/query (I’ve also included a URL parameter to output the results in JSON format, but this can also be XML-based if preferred) - you’ll have to adjust the bigfixserver:port value to match your environment:

https://bigfixserver:port/api/query?output=json&relevance=%28%22%2522%22%20%26%20item%200%20of%20it%20%26%20%22%2522%2C%2522%22%20%26%20item%200%20of%20item%201%20of%20it%20%26%20%22%2522%2C%2522%22%20%26%20item%201%20of%20item%201%20of%20it%20as%20string%20%26%20%22%2522%2C%2522%22%20%26%20item%202%20of%20item%201%20of%20it%20%26%20%22%2522%2C%2522%22%20%26%20item%203%20of%20item%201%20of%20it%20as%20string%20%26%20%22%2522%22%29%20of%20%28name%20of%20it%2C%20%28name%20of%20it%2C%20id%20of%20it%2C%20state%20of%20it%2C%20time%20issued%20of%20it%29%20of%20elements%20of%20reported%20action%20set%20of%20it%29%20of%20bes%20computers

2 Likes

It looks like I didn’t have API installed on our server. Just installed it but cannot reboot yet.

I have no idea how API works so I will have to learn it. Judging by this I assume theres no way to get a custom report in webreports that spits out what I need? at least for the time being.

So I am trying to just get a list of actions on a computer ID and I get this:

server:port/api/computer/10961322/actions?output=json

“Requested resource does not exist.”

If I remove the actions part, i get all the computer data in the XML format, it just seems I can’t get actions to load

Actions are not one of the resources available via /api/computers (see https://developer.bigfix.com/rest-api/api/computer.html for reference).

Note that the session relevance examples above can be used not just via the /api/query REST API resource, but also via a custom Web Report.

Dang, ok.

I tried doing this:

    <?relevance
    (html "<tr><td>" & name of item 0 of it & "</td><td>" & id of item 1 of it as string & "</td><td>" & id of item 2 of item 2 of it as string & "</td><td>" & name of item 2 of item 2 of it & "</td><td>" & state of item 2 of item 2 of it as string & "</td><td>" & (if (exists start date of item 2 of item 2 of it) then (start date of item 2 of item 2 of it as string) else ("N/A")) & "</td><td>" & (if (exists end date of item 2 of item 2 of it) then (end date of item 2 of item 2 of it as string) else ("N/A")) & "</td></tr>") 
    of (bes computers whose (exists actions of it), actions of it)
    ?>

but I get “The operator “actions” is not defined.”

I’d still suggest the REST API for use cases like this, but if you want to do this via a Scheduled Activity in Web Reports that outputs an archive file given that you’ve leveraged this approach previously, (make sure the output format radio button is “CSV” rather than “HTML”), you might try something like the following:

"Computer Name","Action Name","Action ID","Action State","Action Issued Date"
<?relevance
(html it) of concatenation "%0d%0a" of ( 
("%22" & item 0 of it & "%22,%22" & item 0 of item 1 of it & "%22,%22" & item 1 of item 1 of it as string & "%22,%22" & item 2 of item 1 of it & "%22,%22" & item 3 of item 1 of it as string & "%22") of (name of it, (name of it, id of it, state of it, time issued of it) of elements of reported action set of it) of bes computers
)
?>

It won’t look nice in Web Reports, but I believe the output file format should be OK.

1 Like

This is awesome thank you, the CSV looks great.

In regards to API, did I misunderstand above that actions are not available via api/computers? I know I can get action data but I cannot grab actions per computer data. The CSV is pretty big (15mb) so API might be a better way as you mentioned.

EDIT: I noticed there is no “Status” (failed, not relevant, completed, etc.) and I cannot see “Issued by”.

Glad to hear the CSV output via Web Reports scheduled activities is working :slight_smile:

Regarding the REST API, you should be able to get the same output as the CSV file by passing essentially the same Session Relevance query to the API via /api/query. I tried to provide an example above:

https://bigfixserver:port/api/query?output=json&relevance=%28%22%2522%22%20%26%20item%200%20of%20it%20%26%20%22%2522%2C%2522%22%20%26%20item%200%20of%20item%201%20of%20it%20%26%20%22%2522%2C%2522%22%20%26%20item%201%20of%20item%201%20of%20it%20as%20string%20%26%20%22%2522%2C%2522%22%20%26%20item%202%20of%20item%201%20of%20it%20%26%20%22%2522%2C%2522%22%20%26%20item%203%20of%20item%201%20of%20it%20as%20string%20%26%20%22%2522%22%29%20of%20%28name%20of%20it%2C%20%28name%20of%20it%2C%20id%20of%20it%2C%20state%20of%20it%2C%20time%20issued%20of%20it%29%20of%20elements%20of%20reported%20action%20set%20of%20it%29%20of%20bes%20computers

Here’s a screenshot of what this call might look like via a browser:

1 Like

When trying API, I get this:

{“result”:,“error”:“This expression could not be parsed.”}

Also, I am not sure if you saw my edit before, but it looks like there isn’t an attribute to get the “Status” and “issued by” of the action item? I can only see state


Not sure if this helps.

If i do api/actions, i get a dump of all the actions. It just seems queries dont work, not sure if I missed a setting or something.

It’s not just you, there’s some problem with the URL-encoding on that. Give me a minute and I should be able to help with an update.

Something weird is happening at the browser level and I’m not sure what.
The browser (both Edge and Chrome for me) is changing the query when I paste it in. Even though neither Aram’s nor my own pass through a URL-encoder contains any doublequote characters, after I paste it in to the browser some of the percent-encodings definitely get replaced by doublequotes and I end up with a query starting with
%28"%2522"%20%26%20item%20

Looking at workarounds now.

1 Like

Strange, and sorry about that…works for me across Edge, Chrome, and FireFox with no changes to the URL (except the bigfixserver:port).

Once we get this working, we can follow-up on the question about other attributes/fields (the ones you mention today don’t seem to be included in your original ask :slight_smile: )

1 Like

No problem at all. Thank you guys! I swear I am cursed when it comes to these things so I am not surprised :rofl:

Also, I forgot to mention status/issued BY in my original ask, my fault. I mentioned “Action History” in the console at the end, but I definitely missed it in the first part :slight_smile: Apologies!

I’m looking at what might be some bugs in the REST interface when trying to embed literal doublequotes in the string. Should have something shortly, even if it’s a workaround for the bug.

1 Like

Ok I believe this is a bug, and I believe we may have actually had some discussion on it here before, and I may have had a lot of confusion on reproducing it. Between running prerelease BES versions, and having/not-having BES Explorer, makes a difference.

What I think you need to run (if you must run it from a browser) is

https://bigfixserver:port/api/query?output=json&relevance=%28%22%252522%22%20%26%20item%200%20of%20it%20%26%20%22%252522%2C%252522%22%20%26%20item%200%20of%20item%201%20of%20it%20%26%20%22%252522%2C%252522%22%20%26%20item%201%20of%20item%201%20of%20it%20as%20string%20%26%20%22%252522%2C%252522%22%20%26%20item%202%20of%20item%201%20of%20it%20%26%20%22%252522%2C%252522%22%20%26%20item%203%20of%20item%201%20of%20it%20as%20string%20%26%20%22%252522%22%29%20of%20%28name%20of%20it%2C%20%28name%20of%20it%2C%20id%20of%20it%2C%20state%20of%20it%2C%20time%20issued%20of%20it%29%20of%20elements%20of%20reported%20action%20set%20of%20it%29%20of%20bes%20computers

Then you have to take the ‘result’ field from the returned JSON. This would be much easier to do in a higher-level scripting language, python or powershell.

The issue here that I think is a bug is that

  • In the literal query, we need to use %22 to represent a doublequote, i.e. a query is something like "%22Column1%22" to evaluate to the literal string "Column1" (including the doublequotes)
  • To URL-encode the percent symbol (%) in %22, that encodes as %2522
  • In some level of packing/unpacking that %25 is changed back into % and treated as a literal percent symbol; that makes the %22 evaluate as a doublequote too early (I can see in the ‘request’ portion of the XML result that it thought the doublequote has been evaluted as XML &quot; too early, it shouldn’t have been a doublequote at that level but should have been perfectly-valid (for XML) symbols %22 or %2522

In any case, my workaround was to double-up percent symbols by doing a find/replace, changing %25 to %2525 in the query string.

It’s possible this might not be needed with BigFix Explorer evaluating the relevance instead of Web Reports. I’ll look into that a bit later.

1 Like

I ran your URL from the browser and it worked.

We can use powershell (we have jenkins that we use for a lot of scheduled powershell scripts).

Should I be using BigFix Explorer for this type of query?

Also, I know before it was said that connecting grafana directly to the database isn’t recommended, but is it really that bad? Especially when our environment isn’t that huge