Discovery: How to use the historySubset function in reporting ?

Discovery: How to use the historySubset function in reporting ?

Knowledge Article

Article Number

000218576

Old Article Number

000180041

Article Type

FAQ/Procedural

Title

Discovery: How to use the historySubset function in reporting ?

Summary

How to use the historySubset function in reporting ?

Product

BMC Discovery

Component

BMC Discovery

Applies to

BMC Discovery

Question

How to use historySubset function in reporting ?

Answer

In Discovery, the history of a node is stored in the datastore, and it can be viewed by clicking on Actions > View History on the node page. This approach will allow one to view history of a node at a time.

To view the changes that happened within a specific time interval on particular attributes/relationships for all nodes, use the historySubset function.

The historySubset function reports on a subset of the node history between the specified times. This function is defined in the following format:
historySubset(nh, timeA, timeB, attrs, rels)... where 'attrs' is a list of attribute names to report and 'rels' is a list of colon-separated relationship specifications to report.

Some examples:

1- To provide the history of Host attributes OS_Version and OS_Type, and relationship Host:HostedSoftware:RunningSoftware:SoftwareInstance:

SEARCH Host SHOW
name,
historySubset(#, 0, currentTime(),
["os_version", "os_type"],
["Host:HostedSoftware:RunningSoftware:SoftwareInstance"])

This query can be modified to use a time interval, and to add more attributes/relationships. For example:

SEARCH Host SHOW
name,
historySubset(#, parseTime("2019-01-01"), parseTime("2019-07-25"),
["os_version", "os_type", "model", "serial", "uuid"],
["Host:HostedSoftware:RunningSoftware:SoftwareInstance", "Host:Detail:Hardware:ProcessorInfo"])

2- To provide the history of Host attributes 'name', 'uuid', 'hostname in the past 30 days

search Host where name = 'abc' show name, historySubset(#, currentTime() - 30 * 24 * 3600 * 1000000, currentTime(), ['name', 'uuid', 'hostname'], [])

For more information see historySubset in this documentation page .

3- To report the changes about the Host added/removed to ModelDefinition nodes in the 30 past days:

SEARCH ModelDefinition SHOW
  name,
  historySubset(#, (currentTime() - 30*24*3600*10000000), currentTime(),
     ["name", "state"],
     ["Definition:DefinitionContainment:IncludedItem:Host"])

Alternative:
SEARCH ModelDefinition where state = "published" show
name,
historySubset(#, (currentTime() - 30*24*3600*10000000), currentTime(),
["name", "state"],
["Definition:DefinitionContainment:IncludedItem:"])

Attachment(s):