This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

XQL Query to find all Mac_OS endpoints and return the version of Netskope installed on the hosts.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

XQL Query to find all Mac_OS endpoints and return the version of Netskope installed on the hosts.

rhodgkins1
L0 Member

‎08-29-2024 04:48 AM

I am new to using xql and I am having trouble getting the information I need using a search query. I need to pull a list of all Mac_OS hosts and then within the applications field return the version of NetSkope installed on the client. I have started with the following query which returns the basic data, but I am lost as to how to extract the information from the applications field which is in a json format. Here is the query along with the sample block from the json data that I need to get. This JSON data is located within the Applications field. 

 

dataset = host_inventory
| filter os_type contains "OS_MAC"
| filter applications contains "netskope"
| fields host_name, applications

 

{
"identifier": "com.netskope.client.Netskope-Client",
"install_date": null,
"installed_for_sid": "global",
"is_from_appstore": false,
"key_name": null,
"manager_name": "macOS",
"application_name": "Netskope Client",
"raw_version": "118.1.1.2131 (118.1.1.2131)",
"uninstall_string": null,
"url_info_about": null,
"url_update_info": null,
"vendor": "netSkope, Inc.",
"version": "118.1.1.2131",
"win_installer": null

 

0 Likes Likes
2 REPLIES 2

nsinghvirk
L4 Transporter

‎08-29-2024 08:36 AM

Hello @rhodgkins1 

 

Thanks for reaching out on LiveCommunity!

Please try using below query. json_extract() function can be used to extract JSON fields.

dataset = host_inventory
| filter os_type contains "OS_MAC"
| filter applications contains "netskope"
| arrayexpand applications
| alter abc = json_extract(applications ,"$.version")
| fields host_name, abc as Application_version

 

Please click Accept as Solution to acknowledge that the answer to your question has been provided.

(1)

rhodgkins1
L0 Member
In response to nsinghvirk

‎08-29-2024 10:21 AM

Hello @nsinghvirk thank you very much for your reply. This is getting much closer. However this is returning the version of every piece of software on the endpoints. I just need to have each host return the version of NetSkope installed on the host. In the code block below is the data I need to extract. If "Netskope Client" is the application_name, then I need the version. 

{
"identifier": "com.netskope.client.Netskope-Client",
"install_date": null,
"installed_for_sid": "global",
"is_from_appstore": false,
"key_name": null,
"manager_name": "macOS",
"application_name": "Netskope Client",
"raw_version": "118.1.1.2131 (118.1.1.2131)",
"uninstall_string": null,
"url_info_about": null,
"url_update_info": null,
"vendor": "netSkope, Inc.",
"version": "118.1.1.2131",
"win_installer": null

0 Likes Likes
  • 409 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks