XQL Query to find all Mac_OS endpoints and return the version of Netskope installed on the hosts.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

XQL Query to find all Mac_OS endpoints and return the version of Netskope installed on the hosts.

L0 Member

I am new to using xql and I am having trouble getting the information I need using a search query. I need to pull a list of all Mac_OS hosts and then within the applications field return the version of NetSkope installed on the client. I have started with the following query which returns the basic data, but I am lost as to how to extract the information from the applications field which is in a json format. Here is the query along with the sample block from the json data that I need to get. This JSON data is located within the Applications field. 

 

dataset = host_inventory
| filter os_type contains "OS_MAC"
| filter applications contains "netskope"
| fields host_name, applications

 

{
"identifier": "com.netskope.client.Netskope-Client",
"install_date": null,
"installed_for_sid": "global",
"is_from_appstore": false,
"key_name": null,
"manager_name": "macOS",
"application_name": "Netskope Client",
"raw_version": "118.1.1.2131 (118.1.1.2131)",
"uninstall_string": null,
"url_info_about": null,
"url_update_info": null,
"vendor": "netSkope, Inc.",
"version": "118.1.1.2131",
"win_installer": null

 

2 REPLIES 2

L4 Transporter

Hello @rhodgkins1 

 

Thanks for reaching out on LiveCommunity!

Please try using below query. json_extract() function can be used to extract JSON fields.

dataset = host_inventory
| filter os_type contains "OS_MAC"
| filter applications contains "netskope"
| arrayexpand applications
| alter abc = json_extract(applications ,"$.version")
| fields host_name, abc as Application_version

 

Please click Accept as Solution to acknowledge that the answer to your question has been provided.

Hello @nsinghvirk thank you very much for your reply. This is getting much closer. However this is returning the version of every piece of software on the endpoints. I just need to have each host return the version of NetSkope installed on the host. In the code block below is the data I need to extract. If "Netskope Client" is the application_name, then I need the version. 

{
"identifier": "com.netskope.client.Netskope-Client",
"install_date": null,
"installed_for_sid": "global",
"is_from_appstore": false,
"key_name": null,
"manager_name": "macOS",
"application_name": "Netskope Client",
"raw_version": "118.1.1.2131 (118.1.1.2131)",
"uninstall_string": null,
"url_info_about": null,
"url_update_info": null,
"vendor": "netSkope, Inc.",
"version": "118.1.1.2131",
"win_installer": null

  • 414 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!