1 2 Previous Next 17 Replies Latest reply on Dec 7, 2017 3:41 AM by Andrew Waters

Old discovered servers

Matias Malpica Nov 9, 2017 1:44 PM

I am trying to build a query to return a list of servers that have not been scanned at all before 7 weeks to the date, any idea on how to? tried pulling information out of the last update success and last update failure but i believe skipped status do not show up on the last one...

1. Re: Old discovered servers

Lisa Keeler Nov 9, 2017 3:02 PM (in response to Matias Malpica)
oops, formatting problems in previous answer:

This query shows Hosts that have not been scanned in the past 30 days:
Search Host where last_update_success < (currentTime() - 30*24*3600*10000000)
show name, os, last_update_success, age_count

Change the 30 to the number of days you want.

Lisa
Like Show 0 Likes(0)

Actions
2. Re: Old discovered servers

Andrew Waters Nov 10, 2017 1:45 AM (in response to Lisa Keeler)

No that is not what the query does. What is does is show the Hosts that have not be successfully scanned in the last 30 days.
Like Show 1 Likes(1)

Actions
3. Re: Old discovered servers

Andrew Waters Nov 10, 2017 1:51 AM (in response to Matias Malpica)

Why do you care about skipped if you want a list of servers not scanned in the last 7 weeks?
Like Show 1 Likes(1)

Actions
4. Re: Old discovered servers

Matias Malpica Nov 10, 2017 8:44 AM (in response to Matias Malpica)

I dont, i am saying that when i pull the information from that field it seems like ADDM does not count skipped as the last time a server was scanned...
Like Show 0 Likes(0)

Actions
5. Re: Old discovered servers

manu mshm Nov 16, 2017 7:39 AM (in response to Matias Malpica)

Hi Andrew,

Is it possible to use the last_update_success attribute with the discovery access? I am trying to pull a report where Discovery Access result was success anytime in last 3 days, not necessarily the last access.

Regards,
Manu
Like Show 0 Likes(0)

Actions
6. Re: Old discovered servers

Andrew Waters Nov 16, 2017 8:07 AM (in response to manu mshm)

But last_update_success is the last success. You should be able to just use that.
Like Show 0 Likes(0)

Actions
7. Re: Old discovered servers

manu mshm Nov 16, 2017 8:33 AM (in response to Andrew Waters)

thanks Andrew. How do I restrict my search where Discovery access is Success in the last three days?

Regards,
Manu
Like Show 0 Likes(0)

Actions
8. Re: Old discovered servers

Andrew Waters Nov 16, 2017 9:30 AM (in response to manu mshm)

This is almost exactly the same as the query earlier in this thread. Just reverse the direction of the test, i.e. < becomes >
Like Show 0 Likes(0)

Actions
9. Re: Old discovered servers

manu mshm Nov 16, 2017 10:29 AM (in response to Andrew Waters)

Hi Andrew,
search DiscoveryAccess where last_update_success > (currentTime() - 3*24*3600*10000000) - This doesn't fetch any results for me although there are more than 5000 plus discovery access with result as Success from yesterday's scan. Any pointers where I am going wrong?

Regards,
Manu
Like Show 0 Likes(0)

Actions
10. Re: Old discovered servers

Andrew Waters Nov 16, 2017 11:13 AM (in response to manu mshm)

I assumed you meant Hosts not DiscoveryAccesses.

Then just search DiscoveryAcccess
SEARCH DiscoveryAccess
WHERE end_state = 'GoodAccess'
AND starttime > (currentTime() - 3*24*3600*10000000)
3 of 3 people found this helpful
Like Show 0 Likes(0)

Actions
11. Re: Old discovered servers

Brice-Emmanuel Loiseaux Nov 16, 2017 11:41 AM (in response to Andrew Waters)

Similar query is:

SEARCH DiscoveryAccess
WHERE result = 'Success'
AND starttime > (currentTime() - 3*24*3600*10000000)
2 of 2 people found this helpful
Like Show 0 Likes(0)

Actions
12. Re: Old discovered servers

Andrew Waters Nov 16, 2017 12:07 PM (in response to Brice-Emmanuel Loiseaux)

It really depends upon what you are after.

The problem / advantage of checking result is that ECAErrors from patterns will not be found. GoodAccess means it basically found enough to be scanning the device.
2 of 2 people found this helpful
Like Show 0 Likes(0)

Actions
13. Re: Old discovered servers

manu mshm Nov 17, 2017 12:28 AM (in response to Andrew Waters)

Thanks Andrew and Brice.

Regards,
Manu
Like Show 0 Likes(0)

Actions
14. Re: Old discovered servers

manu mshm Dec 7, 2017 2:53 AM (in response to manu mshm)

Hi Andrew/Brice,

While I use this query it is giving me all the success results for a endpoint in last 3 days.so if a host is all success in last 3 days it gives me 3 entries against that host.Is there a way to get just one entry against each endpoint, just the latest success ? I tried using countUnique but I have multiple columns in my query.

regards,
Manu
Like Show 0 Likes(0)

Actions