Check out the
headlines
headlines
PQL observed_at() function
The observed_at() function
returns the date that a node was last observed.
Syntax
The observed_at() function returns a string and takes a tree parameter:
string observed_at(tree input)
Examples
- Example 1: Date traffic was last seen
- Example 2: Date software last checked
- Example 3: Time of last disk space check
Example 1: Date traffic was last seen
Query: When was the last time the traffic was observed?
SELECT observed_at FROM /network/device/interface/in_octets
Results: Depending on the database, this query returns results similar to this:
row observed_at(in_octets) 2008-06-12T03:32:17.000000Z row observed_at(in_octets) 2008-06-12T03:32:17.000000Z row observed_at(in_octets) 2008-06-12T03:05:25.000000Z . . .
Example 2: Date software last checked
Query: When was the software installed since January 1st last checked?
SELECT name, observed_at(name) FROM /network/device/wmi/win32_product WHERE installdate > '20080101'
Results: Depending on the database, this query returns results similar to this:
row name Altoworks Crawler observed_at(name) 2008-04-19T00:35:30.670602Z row name Windows Media Encoder 9 Series observed_at(name) 2008-05-05T22:21:17.984139Z row name Microsoft .NET Framework 2.0 Service Pack 1 observed_at(name) 2008-05-05T22:21:17.984139Z . . .
Example 3: Time of last disk space check
Query: When was the last time systems were checked for low disk space?
SELECT observed_at(systemname) FROM %free disk space% WHERE freespace < 1000000000 AND description = 'Local Fixed Disk'
Results: Depending on the database, this query returns results similar to this:
row observed_at(systemname) 2008-06-12T18:39:41.000000Z row observed_at(systemname) 2008-06-10T01:30:59.000000Z row observed_at(systemname) 2008-06-11T22:43:12.000000Z row observed_at(systemname) 2008-06-11T23:09:19.000000Z
To see other PQL functions, see Functions.
