I am trying to generate a report that shows all computer names with the action name, action ID, state, and time issued. We are building Grafana dashboards and we want to be able to have it act similar to the BigFix Console. So in the Console when you open a computer and click on “Action History”, I want to be able to have that data outside, if that makes sense. It seems I need to do a custom report to get this data.
For Grafana integration, it is possible to connect Grafana directly to the BigFix database, as Grafana supports connections to various databases. However, this approach is not recommended by HCL due to specific concerns around performance, data integrity, and the direct impact on the BigFix database itself.
Instead, I would recommend creating an external data flow using the BigFix REST API to extract the necessary action data (such as computer names, action names, action IDs, state, and time issued). This data can then be stored in an external database or a data lake that Grafana can connect to for visualization. This approach provides better control over the data, avoids putting additional load on the BigFix database, and aligns with best practices for maintaining the stability and performance of your BigFix environment.
Interesting, thank you! Our BigFix Environment is quite small (~700 servers) so I wonder if there would be any impact, and the database is local to the BigFix server.
What I have been doing is submitting Web Reports via CSV to an automated mailbox which then ingests it into a different database which Grafana reads. Similar to what API does. Do you have any examples of a REST API that does what I need?
A sample session relevance for the data you specified above might look like:
(name of it, (name of it, id of it, state of it, time issued of it) of elements of reported action set of it) of bes computers
We can make this a bit more friendly for CSV-parsers by explicitly delimiting the data fields with commas, and placing double-quotes around the data:
("%22" & item 0 of it & "%22,%22" & item 0 of item 1 of it & "%22,%22" & item 1 of item 1 of it as string & "%22,%22" & item 2 of item 1 of it & "%22,%22" & item 3 of item 1 of it as string & "%22") of (name of it, (name of it, id of it, state of it, time issued of it) of elements of reported action set of it) of bes computers
To pass this to the REST API, we should URL-encode it, then submit as a URL-parameter (named relevance) to /api/query (I’ve also included a URL parameter to output the results in JSON format, but this can also be XML-based if preferred) - you’ll have to adjust the bigfixserver:port value to match your environment:
It looks like I didn’t have API installed on our server. Just installed it but cannot reboot yet.
I have no idea how API works so I will have to learn it. Judging by this, I assume there’s no way to get a custom report in Web Reports that spits out what I need? At least for the time being.
<?relevance
(html "<tr><td>" & name of item 0 of it & "</td><td>" & id of item 1 of it as string & "</td><td>" & id of item 2 of item 2 of it as string & "</td><td>" & name of item 2 of item 2 of it & "</td><td>" & state of item 2 of item 2 of it as string & "</td><td>" & (if (exists start date of item 2 of item 2 of it) then (start date of item 2 of item 2 of it as string) else ("N/A")) & "</td><td>" & (if (exists end date of item 2 of item 2 of it) then (end date of item 2 of item 2 of it as string) else ("N/A")) & "</td></tr>")
of (bes computers whose (exists actions of it), actions of it)
?>
but I get “The operator “actions” is not defined.”
I’d still suggest the REST API for use cases like this, but if you want to do this via a Scheduled Activity in Web Reports that outputs an archive file given that you’ve leveraged this approach previously, (make sure the output format radio button is “CSV” rather than “HTML”), you might try something like the following:
"Computer Name","Action Name","Action ID","Action State","Action Issued Date"
<?relevance
(html it) of concatenation "%0d%0a" of (
("%22" & item 0 of it & "%22,%22" & item 0 of item 1 of it & "%22,%22" & item 1 of item 1 of it as string & "%22,%22" & item 2 of item 1 of it & "%22,%22" & item 3 of item 1 of it as string & "%22") of (name of it, (name of it, id of it, state of it, time issued of it) of elements of reported action set of it) of bes computers
)
?>
It won’t look nice in Web Reports, but I believe the output file format should be OK.
In regards to API, did I misunderstand above that actions are not available via api/computers? I know I can get action data but I cannot grab actions per computer data. The CSV is pretty big (15mb) so API might be a better way as you mentioned.
EDIT: I noticed there is no “Status” (failed, not relevant, completed, etc.) and I cannot see “Issued by”.
Glad to hear the CSV output via Web Reports scheduled activities is working.
Regarding the REST API, you should be able to get the same output as the CSV file by passing essentially the same Session Relevance query to the API via /api/query. I tried to provide an example above:
{“result”:,“error”:“This expression could not be parsed.”}
Also, I am not sure if you saw my edit before, but it looks like there isn’t an attribute to get the “Status” and “issued by” of the action item? I can only see state.
Something weird is happening at the browser level and I’m not sure what.
The browser (both Edge and Chrome for me) is changing the query when I paste it in. Even though neither Aram’s nor my own pass through a URL-encoder contains any doublequote characters, after I paste it in to the browser some of the percent-encodings definitely get replaced by doublequotes and I end up with a query starting with %28"%2522"%20%26%20item%20
Strange, and sorry about that…works for me across Edge, Chrome, and Firefox with no changes to the URL (except the bigfixserver:port).
Once we get this working, we can follow up on the question about other attributes/fields (the ones you mention today don’t seem to be included in your original ask).
No problem at all. Thank you guys! I swear I am cursed when it comes to these things so I am not surprised.
Also, I forgot to mention status/issued BY in my original ask, my fault. I mentioned “Action History” in the console at the end, but I definitely missed it in the first part. Apologies!
I’m looking at what might be some bugs in the REST interface when trying to embed literal doublequotes in the string. Should have something shortly, even if it’s a workaround for the bug.
Ok I believe this is a bug, and I believe we may have actually had some discussion on it here before, and I may have had a lot of confusion on reproducing it. Between running prerelease BES versions, and having/not-having BES Explorer, makes a difference.
What I think you need to run (if you must run it from a browser) is
Then you have to take the ‘result’ field from the returned JSON. This would be much easier to do in a higher-level scripting language, python or powershell.
The issue here that I think is a bug is that
In the literal query, we need to use %22 to represent a doublequote, i.e. a query is something like "%22Column1%22" to evaluate to the literal string "Column1" (including the doublequotes)
To URL-encode the percent symbol (%) in %22, that encodes as %2522
In some level of packing/unpacking that %25 is changed back into % and treated as a literal percent symbol; that makes the %22 evaluate as a doublequote too early (I can see in the ‘request’ portion of the XML result that it thought the doublequote has been evaluated as XML " too early, it shouldn’t have been a doublequote at that level but should have been perfectly-valid (for XML) symbols %22 or %2522).
In any case, my workaround was to double-up percent symbols by doing a find/replace, changing %25 to %2525 in the query string.
It’s possible this might not be needed with BigFix Explorer evaluating the relevance instead of Web Reports. I’ll look into that a bit later.
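The encoding steps from the post above, as an added Python example that is not part of the original thread and not HCL's code: it URL-encodes the session relevance for /api/query, applies the %25 to %2525 workaround, and parses the CSV-formatted strings from the JSON 'result' field. The `output=json` parameter name, the base URL placeholder, the `server_view` model of a server that percent-decodes more than once, and the sample response are assumptions constructed for illustration; sending the authenticated request is left out.

```python
import csv
import io
import json
from urllib.parse import quote, unquote

# Session relevance from the thread: each result is one CSV-formatted string.
RELEVANCE = (
    '("%22" & item 0 of it & "%22,%22" & item 0 of item 1 of it & "%22,%22" & '
    'item 1 of item 1 of it as string & "%22,%22" & item 2 of item 1 of it & '
    '"%22,%22" & item 3 of item 1 of it as string & "%22") of (name of it, '
    '(name of it, id of it, state of it, time issued of it) of elements of '
    'reported action set of it) of bes computers'
)
COLUMNS = ["Computer Name", "Action Name", "Action ID", "Action State", "Action Issued Date"]


def encode_relevance(relevance, double_percent=False):
    """URL-encode the query; optionally apply the %25 -> %2525 workaround."""
    encoded = quote(relevance, safe="")
    return encoded.replace("%25", "%2525") if double_percent else encoded


def build_query_url(base_url, relevance, double_percent=False):
    """Build the /api/query URL (base_url stands in for bigfixserver:port)."""
    return (f"{base_url}/api/query?output=json&relevance="
            + encode_relevance(relevance, double_percent))


def server_view(encoded, passes):
    """Model (assumption) of a server that percent-decodes `passes` times."""
    for _ in range(passes):
        encoded = unquote(encoded)
    return encoded


def parse_rows(body):
    """Turn the JSON 'result' list of CSV strings into dicts keyed by column."""
    payload = json.loads(body)
    if payload.get("error"):
        raise ValueError(payload["error"])
    reader = csv.reader(io.StringIO("\n".join(payload["result"])))
    return [dict(zip(COLUMNS, row)) for row in reader]


# Constructed sample response; the quoted date contains a comma.
SAMPLE_BODY = json.dumps({"result": [
    '"SRV-APP-01","Sample patch action","1234","Expired","Tue, 01 Oct 2024 09:30:00 -0500"',
    '"SRV-DB-02","Sample restart action","1250","Open","Wed, 02 Oct 2024 14:05:10 -0500"',
]})
```

With a single encoding pass, a second decode turns `%22` into a literal doublequote before the relevance is evaluated; the doubled form survives two decodes intact.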
We can use PowerShell (we have Jenkins that we use for a lot of scheduled PowerShell scripts).
Should I be using BigFix Explorer for this type of query?
Also, I know before it was said that connecting Grafana directly to the database isn’t recommended, but is it really that bad? Especially when our environment isn’t that huge?