Thanks for this information. I did try as you recommended and used the below query, but I am still getting the error:
curl -k -u admin "https://ePOIP:8080/remote/core.executeQuery?target=EPOLeafNode&Select=(Select+EPOComputerProperties...." -o prodreport.csv
Error setting parameters for command: core.executeQuery
Below is the SQL view captured based on your recommendation; however, I had used only a few columns in the above command to test it, but it's still failing. Not sure if I am missing something here.
select [EPOLeafNode].[NodeName], [EPOLeafNode].[ManagedState], [EPOLeafNode].[LastUpdate], [EPOComputerProperties].[IPV4x], dbo.epofn_EPOComputer_GetOS (EPOLeafNode.AutoID), [EPOProdPropsView_EPOAGENT].[productversion], [EPOProdPropsView_ENDPOINTSECURITYPLATFORM].[productversion], [EPOProdPropsView_THREATPREVENTION].[productversion], [AM_CustomProps].[ManifestVersion], [AM_CustomProps].[EngineVersion], [AM_CustomProps].[AMCoreContentDate], [AM_CustomProps].[AVCMGRbComplianceStatus], [AM_CustomProps].[V2DATVersion], [EPOProdPropsView_VIRUSCAN].[productversion], [EPOProdPropsView_VIRUSCAN].[datver], [EPOProdPropsView_VIRUSCAN].[enginever64], [EPOProdPropsView_VIRUSCAN].[enginever], [MDCC_ACCOUNT].[NAME], [MDCC_CLOUD_VM_PROPS_VW_awsSquid].[image_id], [MDCC_CLOUD_VM_PROPS_VW_awsSquid].[instance_id], [MDCC_CLOUD_VM_PROPS_VW_awsSquid].[instance_name], [MDCC_CLOUD_VM_PROPS_VW_awsSquid].[launch_time], [MDCC_EP_SEC_REPORT_VIEW].[POWER_STATUS], [MDCC_CLOUD_VM_PROPS_VW_azurermSquid].[created_time], [MDCC_CLOUD_VM_PROPS_VW_azurermSquid].[image_id], [MDCC_CLOUD_VM_PROPS_VW_azurermSquid].[instance_id], [MDCC_CLOUD_VM_PROPS_VW_azurermSquid].[vm_name], [EPOLeafNode].[AutoID] from [EPOLeafNode] left join [EPOComputerProperties] on [EPOLeafNode].[AutoID] = [EPOComputerProperties].[ParentID] left join [AM_CustomProps] on [EPOLeafNode].[AutoID] = [AM_CustomProps].[LeafNodeID] left join [EPOProdPropsView_ENDPOINTSECURITYPLATFORM] on [EPOLeafNode].[AutoID] = [EPOProdPropsView_ENDPOINTSECURITYPLATFORM].[LeafNodeID] left join [MDCC_VM_INFO] on [EPOLeafNode].[AutoID] = [MDCC_VM_INFO].[EPO_LEAF_NODE_ID] left join [MDCC_EP_SEC_REPORT_VIEW] on [MDCC_VM_INFO].[AUTO_ID] = [MDCC_EP_SEC_REPORT_VIEW].[AUTO_ID] left join [MDCC_CLOUD_VM_PROPS_VW_azurermSquid] on [MDCC_VM_INFO].[AUTO_ID] = [MDCC_CLOUD_VM_PROPS_VW_azurermSquid].[VM_INFO_ID] left join [MDCC_CLOUD_VM_PROPS_VW_awsSquid] on [MDCC_VM_INFO].[AUTO_ID] = [MDCC_CLOUD_VM_PROPS_VW_awsSquid].[VM_INFO_ID] left join [MDCC_ACCOUNT] on 
[MDCC_VM_INFO].[ACCOUNT_ID] = [MDCC_ACCOUNT].[AUTO_ID] left join [EPOProdPropsView_EPOAGENT] on [EPOLeafNode].[AutoID] = [EPOProdPropsView_EPOAGENT].[LeafNodeID] left join [EPOProdPropsView_VIRUSCAN] on [EPOLeafNode].[AutoID] = [EPOProdPropsView_VIRUSCAN].[LeafNodeID] left join [EPOProdPropsView_THREATPREVENTION] on [EPOLeafNode].[AutoID] = [EPOProdPropsView_THREATPREVENTION].[LeafNodeID] order by [EPOLeafNode].[NodeName] asc
Here is the full query used, and it is still not working. Could someone please assist in writing the correct query using the table columns given below?
curl -k -u admin "https://ePOIP:8080/remote/core.executeQuery?target=EPOLeafNode&Select=(Select+EPOComputerProperties.ComputerName+EPOComputerProperties.IPAddress+EPOLeafNode.LastUpdate+EPOComputerProperties.OSType+EPOLeafNode.ManagedState+EPOProdPropsView_EPOAGENT.productversion)" -o prodreport.csv
select [EPOLeafNode].[NodeName], [EPOLeafNode].[ManagedState], [EPOLeafNode].[LastUpdate], [EPOComputerProperties].[IPV4x], dbo.epofn_EPOComputer_GetOS (EPOLeafNode.AutoID), [EPOProdPropsView_EPOAGENT].[productversion], [EPOProdPropsView_ENDPOINTSECURITYPLATFORM].[productversion], [EPOProdPropsView_THREATPREVENTION].[productversion], [AM_CustomProps].[ManifestVersion], [AM_CustomProps].[EngineVersion], [AM_CustomProps].[AMCoreContentDate], [AM_CustomProps].[AVCMGRbComplianceStatus], [AM_CustomProps].[V2DATVersion], [EPOProdPropsView_VIRUSCAN].[productversion], [EPOProdPropsView_VIRUSCAN].[datver], [EPOProdPropsView_VIRUSCAN].[enginever64], [EPOProdPropsView_VIRUSCAN].[enginever], [MDCC_ACCOUNT].[NAME], [MDCC_CLOUD_VM_PROPS_VW_awsSquid].[image_id], [MDCC_CLOUD_VM_PROPS_VW_awsSquid].[instance_id], [MDCC_CLOUD_VM_PROPS_VW_awsSquid].[instance_name], [MDCC_CLOUD_VM_PROPS_VW_awsSquid].[launch_time], [MDCC_EP_SEC_REPORT_VIEW].[POWER_STATUS], [MDCC_CLOUD_VM_PROPS_VW_azurermSquid].[created_time], [MDCC_CLOUD_VM_PROPS_VW_azurermSquid].[image_id], [MDCC_CLOUD_VM_PROPS_VW_azurermSquid].[instance_id], [MDCC_CLOUD_VM_PROPS_VW_azurermSquid].[vm_name], [EPOLeafNode].[AutoID] from [EPOLeafNode] left join [EPOComputerProperties] on [EPOLeafNode].[AutoID] = [EPOComputerProperties].[ParentID] left join [AM_CustomProps] on [EPOLeafNode].[AutoID] = [AM_CustomProps].[LeafNodeID] left join [EPOProdPropsView_ENDPOINTSECURITYPLATFORM] on [EPOLeafNode].[AutoID] = [EPOProdPropsView_ENDPOINTSECURITYPLATFORM].[LeafNodeID] left join [MDCC_VM_INFO] on [EPOLeafNode].[AutoID] = [MDCC_VM_INFO].[EPO_LEAF_NODE_ID] left join [MDCC_EP_SEC_REPORT_VIEW] on [MDCC_VM_INFO].[AUTO_ID] = [MDCC_EP_SEC_REPORT_VIEW].[AUTO_ID] left join [MDCC_CLOUD_VM_PROPS_VW_azurermSquid] on [MDCC_VM_INFO].[AUTO_ID] = [MDCC_CLOUD_VM_PROPS_VW_azurermSquid].[VM_INFO_ID] left join [MDCC_CLOUD_VM_PROPS_VW_awsSquid] on [MDCC_VM_INFO].[AUTO_ID] = [MDCC_CLOUD_VM_PROPS_VW_awsSquid].[VM_INFO_ID] left join [MDCC_ACCOUNT] on 
[MDCC_VM_INFO].[ACCOUNT_ID] = [MDCC_ACCOUNT].[AUTO_ID] left join [EPOProdPropsView_EPOAGENT] on [EPOLeafNode].[AutoID] = [EPOProdPropsView_EPOAGENT].[LeafNodeID] left join [EPOProdPropsView_VIRUSCAN] on [EPOLeafNode].[AutoID] = [EPOProdPropsView_VIRUSCAN].[LeafNodeID] left join [EPOProdPropsView_THREATPREVENTION] on [EPOLeafNode].[AutoID] = [EPOProdPropsView_THREATPREVENTION].[LeafNodeID] order by [EPOLeafNode].[NodeName] asc
It's ePO v5.9.1. I will try to check in a new version in my lab.
Do you mean I need to export the complete data which gets executed from the query?
No, I was just giving that query as an example - you can edit it to return the information you need. What results does your current query return? It should be possible to get the same results from an ad-hoc query as opposed to executing the existing ePO query.
From the SR that you opened, try this:
-o/--output <file>
Write output to <file> instead of stdout.
Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?
This query is very inconsistent; it does not work all the time.
Is there a better way to capture the data using McAfee WebAPI?
Regards,
Mahesh
In what way doesn't it work? You can refer to the web api scripting guide for running ad-hoc queries and customize your queries for the data you want. We don't write them for you, but you can also post under the community for McAfee open source here to see if they can assist better.
When I say it's not consistent, the same query works for a couple of days and it does not work another day, as it gets hung with no output for many hours.
You might want to make sure that the database isn't highly fragmented to cause slow responses or deadlocks. You might want to test with turning all ePO services off, including agent handlers, and run the reindex script that is attached to KB67184 and ensure that is a regular maintenance task. Turning off ePO is only for running it the first time to get a full complete reindex offline. Otherwise, when it hangs, check to see if there are deadlocks in the database, or other tasks running that might affect performance.
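Added example, not part of the original replies and not the KB67184 script: two read-only T-SQL checks for the advice above, one for index fragmentation on tables the report query joins and one for blocked or long-running requests while the curl call is hung. Assumptions: the listed names are base tables in the ePO database (views return no rows), the login has VIEW SERVER STATE, and the 100-page and 60-second thresholds are illustrative.

```sql
-- Added example (not from the thread or KB67184). Run inside the ePO database.
-- Assumption: the names listed below are base tables; a view returns no rows here.

-- 1) Index fragmentation on tables joined by the report query.
SELECT  OBJECT_NAME(ps.object_id)            AS table_name,
        i.name                               AS index_name,   -- NULL for a heap
        ps.index_type_desc,
        ps.page_count,
        CAST(ps.avg_fragmentation_in_percent AS decimal(5,1)) AS frag_pct
FROM    sys.dm_db_index_physical_stats(DB_ID(), NULL, NULL, NULL, 'LIMITED') AS ps
JOIN    sys.indexes AS i
        ON  i.object_id = ps.object_id
        AND i.index_id  = ps.index_id
WHERE   OBJECT_NAME(ps.object_id) IN
        (N'EPOLeafNode', N'EPOComputerProperties', N'AM_CustomProps',
         N'MDCC_VM_INFO', N'MDCC_ACCOUNT')
  AND   ps.page_count > 100                  -- tiny indexes always look fragmented
ORDER BY ps.avg_fragmentation_in_percent DESC;

-- 2) While the query is hung: sessions that are blocked or have run a long time.
SELECT  r.session_id,
        r.blocking_session_id,               -- 0 means not blocked
        r.status,
        r.wait_type,
        r.wait_time / 1000                   AS wait_seconds,
        r.total_elapsed_time / 1000          AS elapsed_seconds,
        s.program_name,
        s.login_name,
        SUBSTRING(t.text, 1, 200)            AS statement_start
FROM    sys.dm_exec_requests AS r
JOIN    sys.dm_exec_sessions AS s
        ON s.session_id = r.session_id
CROSS APPLY sys.dm_exec_sql_text(r.sql_handle) AS t
WHERE   r.blocking_session_id <> 0
   OR   r.total_elapsed_time > 60000         -- longer than 60 s (illustrative)
ORDER BY r.total_elapsed_time DESC;
```

A non-zero blocking_session_id on the report's session points to lock contention from another task rather than fragmentation; high frag_pct on large indexes points to the reindex maintenance described above.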