4 Replies Latest reply on Dec 17, 2018 3:23 AM by Ana Lorite

    How to dismiss NoAccess discovery access related to a successful updated device

    Ana Lorite
      Share This:

      Hi all,

       

      I have this query that obtains all the No Access results in a week for the Network Devices.

       

      ###NoAccess

      search DiscoveryAccess

      where starttime > currentTime() - 7 * 24 * 60 * 60 * 10000000

          and result = 'NoAccess'

          and nodecount(traverse DiscoveryAccess:DiscoveryAccessResult:DiscoveryResult:DeviceInfo where kind = 'NetworkDevice')

      order by #DiscoveryAccess:DiscoveryAccessResult:DiscoveryResult:DeviceInfo.device_type

      show

          result as 'Result',

          #DiscoveryAccess:DiscoveryAccessResult:DiscoveryResult:DeviceInfo.hostname as 'Name',

          endpoint as 'Endpoint',

          #DiscoveryAccess:DiscoveryAccessResult:DiscoveryResult:DeviceInfo.device_type as 'Device Type',

          device_summary as 'Device Summary',

          #Member:List:List:DiscoveryRun.label as 'Label'

       

      But we've detected that some of the IPs of these NoAccess belongs to a device who was succesfully discovered through another IP in the same Discovery Run.

       

      I mean, I don't want my query obtains these NoAccess:

       

       

      Discovery knows that because of all this NoAccess DiscoveryAccess has this information, UI only:

       

      So, if I could get this inferred entity (i don't now how) and check the date of the last update success, maybe I could dismiss that NoAccess Discovery Access that actually aren't an issue.

       

      Thank you in advance. I really appreciate any clue about this.

       

      Have a nice weekend.

       

      Ana.

        • 1. Re: How to dismiss NoAccess discovery access related to a successful updated device
          Eric Plunk

          Hello Ana.

           

          I'm not sure I have a correct answer for you.  Many of the IP Addresses end with .1 (like 10.10.192.1).  In our company the first address in a range is for the gateway device.  First possibility is the gateways were changed by the network team.  Second possibility is a time out issue, and the discovery finally succeeded.  In both situations, my suggestion is to talk with your network team and ask if they can explain.

          • 2. Re: How to dismiss NoAccess discovery access related to a successful updated device
            Andrew Waters

            Does this do what you want?

            SEARCH DiscoveryAccess

            WHERE starttime > currentTime() - 7 * 24 * 60 * 60 * 10000000

              AND result = 'NoAccess'

              AND NODECOUNT(TRAVERSE DiscoveryAccess:DiscoveryAccessResult:DiscoveryResult:DeviceInfo WHERE kind = 'NetworkDevice')

              AND NODECOUNT(TRAVERSE FLAGS(include_destroyed) DiscoveryAccess:AccessFailure:InferredElement:) = 0

            ORDER BY #DiscoveryAccess:DiscoveryAccessResult:DiscoveryResult:DeviceInfo.device_type

            SHOW

              result as 'Result',

              #DiscoveryAccess:DiscoveryAccessResult:DiscoveryResult:DeviceInfo.hostname as 'Name',

              endpoint as 'Endpoint',

              #DiscoveryAccess:DiscoveryAccessResult:DiscoveryResult:DeviceInfo.device_type as 'Device Type',

              device_summary as 'Device Summary',

              #Member:List:List:DiscoveryRun.label as 'Label'

            • 3. Re: How to dismiss NoAccess discovery access related to a successful updated device
              Ana Lorite

              Hi Eric Plunk,

               

              Thanks for anwser.

               

              My question is not about the reason of these NoAccess. My question is about a report that helps network team and i need the information about NoAccess devices isn't wrong.

               

              Thanks anyway for your help!

               

              Ana.

              • 4. Re: How to dismiss NoAccess discovery access related to a successful updated device
                Ana Lorite

                Hi Andrew Waters,

                 

                Thanks for your help.

                 

                If I run your query, I find the 'NoAccess''s discovery access with an infered entity. It means, 'NoAccess' from devices that finally were sucessfully discovered, right? And precisely I would like to avoid those cases:

                 

                 

                But if I run this query I found 2 items and it looks good. What do you think, Andrew Waters?

                 

                search DiscoveryAccess

                where starttime > currentTime() - 7 * 24 * 60 * 60 * 10000000

                        AND result = 'NoAccess'

                        AND NODECOUNT(traverse DiscoveryAccess:DiscoveryAccessResult:DiscoveryResult:DeviceInfo where kind = 'NetworkDevice')

                        AND NODECOUNT(TRAVERSE FLAGS(include_destroyed) DiscoveryAccess:AccessFailure:InferredElement:) = 0

                order by #DiscoveryAccess:DiscoveryAccessResult:DiscoveryResult:DeviceInfo.device_type

                show

                        result as 'Result',

                        #DiscoveryAccess:DiscoveryAccessResult:DiscoveryResult:DeviceInfo.hostname as 'Name',

                        endpoint as 'Endpoint',

                        #DiscoveryAccess:DiscoveryAccessResult:DiscoveryResult:DeviceInfo.device_type as 'Device Type',

                        device_summary as 'Device Summary',

                        #Member:List:List:DiscoveryRun.label as 'Label',

                        #DiscoveryAccess:AccessFailure:InferredElement:.name  as 'Probable NetworkDevice corresponding to a failed access',

                        NODECOUNT(TRAVERSE FLAGS(include_destroyed) DiscoveryAccess:AccessFailure:InferredElement:)  as 'Number of Inferred Entity'

                 

                 

                Thanks a million!!!