Ad-hoc queries

Ad-hoc queries are performed entirely remotely and do not rely on a query stored in an ePolicy Orchestrator database.

In an ad-hoc query, you specify the target of the query and up to four of the parameters in this table.

Ad-hoc query parameters
Clause Description Behavior if omitted
select Controls which columns from the target table (and any joined tables) the query returns. All columns in the target table are returned.
condition The condition parameter filters results. Only records in the database that satisfy the filtering clause are returned. All rows are returned.
group Controls grouping of the returned data. The returned data is not grouped.
order Controls the order of the returned data (either ascending or descending by columns). The returned rows are ordered according to the natural order of the database.

You can use the core.listTables, core.listDatabases, and core.listDatatypes commands to determine the names and types of target table columns. This information makes it easy to determine which columns to select, and which operations are allowed in the condition.

Example ad-hoc queries

This query is a simple ad-hoc query against the OrionAuditLog table.

URL: https://servername:port/remote/core.executeQuery?target=OrionAuditLog&select=(select OrionAuditLog.UserName OrionAuditLog.CmdName)

Python: mc.core.executeQuery(target="OrionAuditLog", select="(select OrionAuditLog.UserName OrionAuditLog.CmdName)");

OK:
User Name: 
Action: Server restart

User Name: ga
Action: Login attempt

User Name: ga
Action: Upload Extension

This query returns the CmdName and EndTime for all audit log entries. The results are grouped alphabetically by the CmdName, then by the EndTime.

URL: https://servername:port/remote/core.executeQuery?target=OrionAuditLog& select=(select OrionAuditLog.CmdName.OrionAuditLog.EndTime)& group=(group.OrionAuditLog.CmdName OrionAuditLog.EndTime) 

Python: mc.executeQuery(target="OrionAuditLog", select="(select OrionAuditLog.CmdName OrionAuditLog.EndTime)",
group="(group OrionAuditLog.CmdName OrionAuditLog.EndTime)");

OK:
User Name: ga
Priority: 1
Action: Login attempt
Details: Failed logon for user "ga" from IP Address: 172.1.6.1
Success: false
Start Time: 10/11/12 4:41:18 PM PDT
Completion Time: 10/11/12 4:41:18 PM PDT

User Name: system
Priority: 1
Action: Server restart
Details: Server was started.
Success: true
Start Time: 10/11/12 4:41:42 PM PDT
Completion Time: 10/11/12 4:41:42 PM PDT

This query returns all OrionTaskLog entries the "ga" user created. The results are listed in ascending order of the task StartDate.

https://servername:port/remote/core.executeQuery?target=OrionTaskLogTask& where=(where (eq ( OrionTaskLogTask.UserName "ga" ))) & order=(order (asc OrionTaskLogTask.StartDate) )

Python: mc.core.executeQuery(target="OrionTaskLogTask", where="(where ( eq ( OrionTaskLogTask .UserName "ga" )))", order="(order (asc OrionTaskLogTask.StartDate) )");

OK:
Name: Deploy McAfee Agent
Start Date: 10/11/12 5:00:01 PM PDT
End Date: 10/11/12 5:00:38 PM PDT
User Name: ga
Status: 0
Source: scheduler
Duration: 36846

Name: Deploy McAfee Agent
Start Date: 10/11/12 5:04:19 PM PDT
End Date: null
User Name: ga
Status: 10
Source: scheduler
Duration: 1889951790

ePolicy Orchestrator uses symbolic expressions (S-expressions) internally as a portable and database-agnostic schema to define queries and operations. All values passed to each parameter must be valid S-expressions.