Troubleshooting
Problem
When creating a custom query with a condition on any field it doesn't give the required result when using operator: IN GROUP NOT IN GROUP LIKE GROUP NOT LIKE GROUP
Symptom
1) I want to see a report of traffic with just the following DB Users :-
SYS
SYSAD
ADMIN
I define my reports query to have a condition to show traffic with db users IN a GROUP called "system", where my group "system" contains SYS% and ADMIN%. However the result of my report is empty.
2) I define group "system" with members SYS, SYSAD, ADMIN on my Managed Unit (MU) and the same query used as above but still get the wrong result.
Cause
1) The reason this query does not return the expected results is because using the IN GROUP or NOT IN GROUP operator means the exact group member is evaluated and my group has "%" (the percent sign) as part of its members which is not seen as a wildcard in this case.
2) Group definitions, wherever they are defined, are always stored on the CM straight away and then periodically, as part of the portal user sync, group definitions are synced down to the MU's.
This means group definitions may not be on the MU until a while later, after they are synced down from the MU. So queries using this group will not work correctly until the group has synced to the MU where the reports query is run.
Resolving The Problem
1) Use the following operators when any group member contains a wildcard. :-
LIKE GROUP
or
NOT LIKE GROUP
See Using groups in queries and policies
- LIKE GROUP - If the value is like any member of the selected group, the condition is true. This condition enables wildcard (%) characters in the group member names.
2) Check portal user sync is scheduled to run and wait about 30 mins after it has run for the group to be synced to the MU.
* NOTE
The portal user sync can be run manually as a Run Once Now from the Central Manager as below - you will still need to wait for the units to sync up which can take some minutes.
Related Information
Was this topic helpful?
Document Information
Modified date:
16 June 2018
UID
swg21989795