Hello everyone.
I’m trying to put together an expression that matches all computers that are not member of any group starting with Patch-. I’ve been looking online and trying different expressions but haven’t had the expected results. I’m testing on WebUI Query. My queries have been different version of something like:
not exists (it as string) whose (it starts with "Patch") of (names of groups of it) of bes computers
Thanks for any suggestion.
The ‘bes computers’ inspector is for Session Relevance, not Client Relevance. You can use Session Relevance in REST API, Web Reports custom reports, and Dashboards; but you cannot use it in Analysis, Fixlet, or Client Query like the WebUI Query app. That’s because ‘bes computer’, ‘bes groups’, etc. require reading the BigFix Database, not reading settings that the client can reach.
If you do want it in a custom report or such, this should be pretty efficient:
names of elements of (set of bes computers - union of member sets of bes computer groups whose (name of it starts with "Patch"))
If this needs to run in Client Relevance, then with our built-in inspectors we don’t know group names, you’d need to have the list of group IDs and check for them with a relevance like
q: member of group 49 of site whose (name of it = "actionsite")
A: True
T: 0.014 ms
You can however sometimes approximate the group membership by checking for a Client Setting that is registered when the computer recognizes it is a group member. This is undocumented so could be subject to change, and there are some groups the client won’t be able to track (like manual groups if “evaluate on client” is not specified):
q: settings whose (name of it starts with "__Group_" and value of it as boolean = True) of client
A: __Group_0_test_manual_group=True
A: __Group_1_BES Infrastructure=True
A: __Group_1_Native_And_Correlated_Endpoints=True
A: __Group_1_ServerBasedGroup-Win=True
A: __Group___AdminBy___op_100=True
A: __Group___AdminBy___op_101=True
A: __Group___AdminBy___op_104=True
A: __Group___AdminBy___op_106=True
We may not be able to predict the number that appears after _Group, but we could make a regular expression match on the naming convention. This might work if you’re using this in client query or analysis:
q: not exists settings whose (name of it starts with "__Group_" and value of it as boolean = True and exists matches (regex "^__Group_\d+_Patch") of name of it) of client
Thanks for the detailed explanation. In that case I’ll stick with an automatic group with a bunch of rules for Group Membership - Is not member of.