Report Available: 12 Month Rolling Compliance Report

I see similar request once in a while for a report that shows content (Fixlets) published in previous months.
So here is an attempt on a report that shows Fixlets published (using the Source Release Date) in the last 12 months.
Presumably Microsoft critical patches might be our main reporting target.

Any comments on this report based on the screen shot? Anything missing?
The image is small so you might need to right-click and view image…



Hi Lee - This report looks awesome !!

I have a few queries here, how do we select a computer group - do we use a filter to apply it for a specific set of machines.

Besides Critical patches , can we also select Security Updates (MS ID’s) for the reporting.

Also in your report I noticed that in a month with 0 applicable fixlets, the report is showing compliance as 0%. So would that mean that the machine would have all the necessary patches till date and the machine is 100% complaint ??

This could route back to my first query regarding creating report for a computer group:
A major one is that in a non compliant environment where a computer group(eg:100 servers in group) having different machines are at different patch level, there would be certain machines that the patch would be applicable for and others that patch wont be applicable for. So how do we tackle this - in your fixlet compliance by computer group this is tackled where we get the report per machine in a group. I think this just might be the same thing that your are doing right now with Applicable fixlets against outstanding fixlets but for a computer group

I really appreciate your constant support and guidance to help us.


Hi @diwanker, the key to most of your questions is to use the Filters that is within Web Reports.

  • So you can target the report against a set of computers. This is done by adding a filter for Computers and selecting the desired computer group.
  • For example, you can add a filter to report only against Device Type=Server, or Device Type=Desktop
  • You can filter against any Content (Fixlets), even if not Microsoft patches
1 Like

That’s great!

I was not sure if I could apply the filter for Security Updates or not. Did you get a chance to look at the second query I had wherein the compliance was coming at 0% even if there were 0 applicable/outstanding fixlets.

If possible I can do a test run on a computer group for the report in my environment and let you know the report results.

I am fairly certain that this would give me the results that are required, the issue with my environment is that the patch status is inconsistent.

Also, I am being redundant but would it be possible to filter out a fixlet from the list of fixlets published for a month. Would it be possible to list out the published fixlets for the month as well ?


@diwanker Thanks for the feedback. I change the compliance percentage to dashes “–” if there are no Applicable Fixlets. So it is neither 0 or 100.
Yes you can filter out Fixlets using the standard Web Reports filters.
And you can click on the numbers and see in a separate table below the Fixlets published for that month.

I will send you a copy for testing.

1 Like

Hi Lee Wei,

Is this report available for view?

I have requests from Customers that would like to see a report that is emailed prior to patching time for approval or notification that shows the name for the computers in the computer group and the patches in the baseline that once approved or notification provided will take action to apply. The report is for business owners of the systems that will be emailed prior to patching action.

A similar report you developed “Fixlet Compliance by Computer Group” v. 1.7 would solve I think both the before and after requirement if the graph was removed and just the test in the other two views " "Compliance Report All Window Computers by report for “Baseline” and the last view of the report "outstanding fixlets for All Window Computers by report for “Baseline” , the last view in the report “Fixlet Compliance by Computer Group” v. 1.7 which I think would work as well if I could remove the graph from it as I need to email the report.

What I like about the two report templates is you can select the source of the content which includes the baselines created. Can the new templates you created "Scheduled Compliance and Scheduled fixlet Compliance " accomplish this as I have not seen how to add the source baseline for the content?

@jwgibson949, John, I have posted the report here:

First thank you for this report, it is exactly what we were looking for. I do have a quick question though. When we get the report back it is showing that there are more applicable fixlets then published fixlets, do you have an insight as to what might be causing the difference?

@rgarrett, the Applicable Fixlets counts how many computers are relevant to the Fixlets.
For example, if you have one Fixlet that is relevant on 10 computers, the count is 10.
So I would expect the Applicable Fixlet count to be usually higher than unique Fixlets.

Hope that make sense.

Dear @leewei

I cannot pull out compliance report into CSV format from any browser like Chrome,Mozila & IE also


@vikki, I assume you are using the built-in Web Reports CSV export?
That only works with native reports from Web Reports, but not with custom reports.

In some of the other scheduleable reports, I use an external utility (lwmailer.exe) to parse the output and generate CSVs.!/wiki/Tivoli%20Endpoint%20Manager/page/Schedulable%20Compliance%20by%20Computer

However, I have not worked to export CVS for this report.


Thanks @leewei i am looking for schedule compliance by computer report into CSV format and i try your suggested method by using iwmailer then let you know.

@vikki, this rolling report will not work with lwmailer.exe to generate CSV because I did not code it.
Sorry about that.

1 Like

Okay, Thanks @leewei … I need some clarification on compliance by content report

1.If i use filter option to select From Jan 2015 to Jan 2016 some systems are having only 5 patches needed for a whole year but when check manually on systems around 104 patches are needed.


1 Like

Hi @vikki, can you please give me more details about the above.
Which report are you referring to, and what are the filter options selected?
Feel free to send me a private message with screen shots, or post them here.

1 Like

Hello Lee, got another interesting issue with the Rolling Compliance Report, the months in our bar graph are repeating. The bar graph percentages and coloring match the table, the but the month label for each bar repeating in some cases. The one I just created goes Mar 16, Mar 16, May 16, May 16, Jul 16, Jul 16, Aug 16, Oct 16, Oct 16, Dec 16, Dec 16, Jan 17. It displays the same in Chrome, IE, and Firefox. Looking back through our reports I see it actually started at the end of December. My monthly reports from October and November are correct. As always any assistance is greatly appreciated.

@rgarrett, thanks for reporting and letting me know.
It turns out to be a quirk with JavaScript handling subtraction of months at edge dates (Jan 31).
So you will probably notice that the report works well today on Feb 1.

In any case, I have fixed it in the source.
12 Month Rolling Compliance v1.1.beswrpt

Yes we did notice that when I ran it again on the 1st, but thank you for the updated version.

Hi Mr. lee:
Thanks for ur report!
But when i run it on web reports, the Compliance display “NaN%”

I don’t know why.

What browser are you using? I have it working on Chrome browser at with no issues.