Question parameters
How to configure Question Parameters.
Duration
The section in the list of instruction parameters is Duration. When Endpoint Troubleshooting asks a question it does so immediately to all the connected devices, which can be seen in the Approximate Target parameter, in the picture there are 12 out of 12 devices connected so the question will get sent immediately to all of the devices.
In a large dynamic network having all the devices connected at one time is unlikely, due to the nature of laptops or mobile devices for example connectivity is liable to be a very fluid thing with devices connecting and disconnecting constantly.
For this reason questions are asked over a duration, this allows devices that connect inside of that duration to answer the question. The default time varies according to the instruction definition in the DEXPack but you can change this parameter to the time that you think will give the highest number of responses.
The other aspect of a dynamic network is that the information returned in the responses to a question may change afterwards at the source. For this reason the responses to a question are only kept for a configurable period of time. Like the Gather data for parameter, the default Keep answers for time varies according to the instruction definition in the DEXPack but you can change this parameter to a time appropriate to how volatile the information in the question response is.
Setting the duration for gathering data and keeping answers can be done by:
Editing the question Parameters
Expanding the Duration heading in the Parameters rollout
Selecting a value and unit (minutes or hours) for each of the Gather data for: and Keep answers for: fields.
Clicking the Set link at the bottom-right of the expanded Duration heading.
The picture shows a question Duration with the default values.
Coverage
The Coverage section lets you control which devices get sent the instruction you are defining. This helps to minimize network bandwidth usage as all the processing of which devices get targeted is all done within 1Ebefore the instruction is sent. Coverage uses the data sent to 1E by devices when they register.
The picture shows the Coverage section for a question.
More information on Coverage
Coverage, question filters, and view filters describes the similarities and differences between the three main types of filter that can be applied to an instruction, and a tutorial on Management groups and coverage can be found in Limiting coverage using a Management group - tutorial. Tables of information on the coverage parameters can be found in Coverage parameters.
Filter results
The Filter results section lets you define a question filter that determines which devices respond to an instruction. In this case the instruction is sent to the device and the filter is applied there to determine whether the device sends a response or not. Like Coverage this reduces unnecessary network bandwidth usage but unlike Coverage the data that can be used for the filter comes from the instruction and is not limited to the data sent to Endpoint Troubleshooting when devices connect.
The picture shows the Filter results parameter section expanded.
Selecting the attributes to filter
The Filter results where: field lets you build filter conditions from the attributes of the question, a comparison operator and a value. You can build multiple filter conditions, but each of them must be built and set before you can build the next.
The workflow steps for creating each condition are as follows:
Choose the attribute to filter
Choose the comparison operator
Set the value
Each step uses the Filter results where: field in a slightly different way. To choose the attribute you click in the field. A list of the attributes that are available to filter on from the selected question will be displayed. Each attribute has a type that changes the options that are available for the operator and value selectors, as shown in the following table.
|
Attribute type |
Operators |
Value field |
|---|---|---|
|
string |
begins with contains is ends with |
Edit field |
|
integer |
>= = <= |
Edit field constrained to integer values |
|
datetime |
before after |
date/time picker |
|
bool |
is |
menu containing true/false |
Once the operator has been set the value can be set. For string and integer type attributes there is an edit field. For boolean type attributes there is a menu that allows you to select true or false. For datetime type attributes there is a date picker that lets you select the date and time interactively.
More information on Filter results
Coverage, question filters, and view filters describes the similarities and differences between the three main types of filter that can be applied to an instruction.
Export data
The Export data section lets you define from the outset that the responses to the instruction will be exported when all the results have been gathered.
The picture shows the Export data section expanded. There is a single edit field where you must supply the path to a Windows share.
More information on Export data
An example of running an instruction with Export data enabled can be found in Tasks.
Exporting data from the outset is also similar to exporting all results from the responses page, as described in Exporting data from Endpoint Troubleshooting.
Comments
The Comments section lets you add a comment to the instruction that will appear in the emails sent to approvers.
The picture shows the Comments section expanded.
Coverage, question filters, and view filters
How to define the coverage for a question, how to filter the responses to a question at source and how to filter them in the responses view.
Coverage and filters
In Endpoint Troubleshooting Home page, questions, and responses, we've seen an example of asking a question and returning some responses. The question was asked of all 6 devices and the responses from all 6 devices could be seen. However, our example environment is not representative of a real network where there may be many thousands of devices and a corresponding number of responses. In the real world it would be expected that questioners would want to perform some limiting of the number of devices questioned, the number of responses returned and the number of responses displayed.
Endpoint Troubleshooting provides options for each of these:
Coverage - limits the number of devices that are questioned
Question filters - limits the responses at the client
View filters - limits the number of responses shown in a view
All of these limit the amount of data that is displayed to the user, but it's worth while making a quick comparison of the similarities and the differences to help determine when it is best to use each.
The picture shows the basic similarities and differences between the three options. We'll look at each option in more detail in the following headings.
In the following examples TCNQuestioner01 is logged in to Endpoint Troubleshooting, they have access to the How many of each operating system version are installed? question that we will use to illustrate the similarities and differences between Coverage, Question filters and View filters.
Coverage
Let's take a look at coverage first. To demonstrate the difference between filters and coverage we will set the coverage of the question to only target devices that have Windows 10 or later installed.
In the example we're logged on as TCNQuestioner01, here are the instructions for it:
After typing the text How m in the edit field, select the How many of each operating system version are installed? question from the list of matching questions.
Note that the Approximate target field shows that there are 12 connected out of 12 devices. This is because in our example environment there are only 12 client devices in total and all of them are connected. In a real network you are liable to have intermittently connecting devices and the connected number shown will vary accordingly.
After the question is loaded click on the Edit link in the parameters section beneath the question text. Doing this expands the Parameters rollout.
On the Parameters rollout click the Coverage heading to see the coverage parameters.
Click the Operating system heading to expand the controls for setting a coverage using the operating system details
The Type parameter lets you select the device's operating system from a list of supported OS. Select Windows.
The Version parameter lets you define a numeric comparison for the number you type in the edit field. Select the >= operator and then type 10 in the edit field. This will check for all Operating Systems of version 10 or later.
Click the Set link in the bottom-left of the expanded Operating system heading, which adds the OsVer >= 10 and OSType = Windows coverage parameters to the question details.
Now click the Ask this question button. The question will only be asked of the devices whose device parameters match the coverage just set.
The Responses page for the question displays the selected Coverage parameters in the question header.
Once all the responses have been received you can see in the video that there are two rows where the Os Version Text is Windows 10 Enterprise and Windows 10 Pro respectively and the Count totals 2.
Real-time coverage
Endpoint Troubleshooting does not just work on the basis of the client devices that are currently, or have previously, connected to 1E. It is also open to existing information changing and to new, previously unconnected, client devices that come online while a question is active. This means that the coverage information in the question header, where it shows the percentage of answers received out of the total number of devices included in the coverage, could change as client devices change their device properties registered with 1E or new client devices come on line.
In our coverage example the responses could change if a client device finishes a migration to a Windows 10 operating system or a new client device with the Windows 10 operating system connects while the question is still active. In this case the number of devices in the coverage would change but the percentage could stay at 100% if all of the new devices covered have also sent responses.
Question filters
The second option is to apply a filter at the point the question is being framed. This does not affect which clients get asked the question. The question filter, which is constructed from the attributes of the question response, controls which of the clients actually send their responses.
Question filters are set by editing the question parameters, once a question has been selected, you expand the Filter results heading in the Parameters rollout.
In the example we're logged on as TCNQuestioner01, here are the instructions for it:
After typing the text How m in the edit field, select the How many of each operating system version are installed? question from the list of matching questions.
After the question is loaded, click on the Edit link in the parameters section beneath the question text. Doing this expands the Parameters rollout.
On the Parameters rollout, click the Coverage heading to see the coverage parameters.
Click on the Filter results heading to expand that section.
Clicking on the Filter results where: field displays the question attribute list, that is the list of attributes that are defined as part of the question.
Select OsType from the list and it gets added to the field and a second list is displayed containing the operators that are relevant to the attribute type, in this case a string.
Select the contains operator and that gets added to the field. Now the rest of the field becomes an edit field.
Type in Windows to complete the filter and then click the Set link in the bottom-right of the expanded Filter results heading to add the filter to the Filter results for the question.
Now start the process of building the second part of the filter. This time, click in the field and select OSVersionText.
Select the contains operator.
Type 10 into the edit field and finally click the Set link to add the second filter to the Filter results for the question.
Once the filters have been added, click on Ask this question.
The Responses page for the question displays the selected Filter results parameters in the question header.
The responses come back from the devices and the results look similar to the coverage example.
View filters
The last option is to apply a filter at the point of viewing the responses to the question. This does not affect which client devices get asked the question, nor does it affect which client devices return responses.
View filters are set on the Responses page for the individual instruction, once a question has been selected and asked, you then expand the Filter results panel just above the responses table.
In the example we're logged on as TCNQuestioner01, here are the instructions to follow it:
After typing the text How m in the edit field, select the How many of each operating system version are installed? question from the list of matching questions.
This time go straight to clicking on Ask this question.
In moments, the Responses page for the question shows that all the devices have responded.
Click on the Filter results button to expand the filter results panel.
Type Windows into the OS Type field and 10 into the OS Version Text field then click the Search button.
Now the responses from all the connected devices are filtered to just the Windows 10 devices.
Comparing coverage, question filters and view filters
Here we compare the three sets of responses to the same question, but set with different coverage, question filters and view filters.
Coverage
Here are the results of running a question with coverage set.
The following points summarize coverage:
Lets you constrain a question so that it only gets asked of particular client devices
Uses the device details registered with 1E by each client device
Is applied at the 1E Server before the question is asked
Remains active for the duration of the question, so client devices that change their device details registered with 1E may subsequently be included in the question's coverage - that may include new client devices that haven't previously connected.
Question filter
Here are the results of running a question with a question filter set.
The following points summarize a question filter:
Lets you constrain a question so that responses are only made by particular client devices
Uses the question attributes. The question is run on the client and if the response satisfies the question filter it is sent to Endpoint Troubleshooting
Is applied at the client after the question is asked but before the response is sent.
View filter
Here are the results of running a question with a view filter set.
The following points summarize a view filter:
Lets you constrain the responses for a question so that only the ones that pass the filter are displayed
Uses the data in the columns for the responses to a particular question
Is applied in the Endpoint Troubleshooting in the Responses view after the responses have been sent to 1E Server and are being viewed.
Limiting coverage using a Management group - tutorial
How to use Management groups to set the coverage for a question to target a specific set of devices.
In this tutorial
In this tutorial, we set the coverage for a question using a Management group. The examples assume that the Management groups have already been configured by a userwho has the group administrator role, please refer to Management Groups tutorial for more details.
As an example, we will show how to specifically target the devices in the Executive Management group. In our example this Management group, defined according to the OU the devices belong to, contains two devices used by members of the executive team:
ACME-WIN1001.acme.local
ACME-WIN1002.acme.local
In this tutorial, we will demonstrate:
Opening the Parameters Coverage Management group panel
Searching for the Management group and setting the coverage
Asking the question, viewing the results and drilling down to see the devices
Setting Management group coverage
This tutorial starts at the point the TCNQuestioner01 user has already selected the question: How many of each operating system versions are installed?
To set the coverage for the question they need to open the Parameters rollout to locate the Coverage section and open the Management group panel.
Opening the Parameters Coverage Management group panel
To do this:
Click the Edit link displayed below the question field in the Parameters section. Doing this opens the Parameters rollout on the right-hand side of the screen.
Click on the Coverage heading in the rollout to expand that section and display all the alternative types of coverage that can be set.
Click on the Management group heading to expand that panel and reveal a search combobox.
Searching for the Management group and setting the coverage
When the Management group field is open:
Click in the edit field, a drop-down list with all the currently defined Management groups is displayed.
Type the first few letters of the Management group you want to use. In our example TCNQuestioner01 types Ex to find the Executive Management group.
Click on the Management group in the list of matches displayed.
When the Management group has been selected click Set to add it to the question parameters.
-
Note
-
You can only set one Management group for a given question. If you try to set another it will replace the one already set.
In our example you can see in the question parameters that the coverage has been set to the Executive Management group and the Approximate target has changed from 12 to 2. Hovering over the information icon by the Approximate target field displays a notification that the target has been reduced.
Asking the question, viewing the results and drilling down to see the devices
We're now ready to ask the question.
Click the Ask this question button.
Having set the coverage, the question will only be asked of the devices contained in the selected Management group.
In our example, when the responses come back a single bar is displayed indicating that the 2 devices both have the Windows 10 Pro operating system installed.
When TCNQuestioner01 clicks on the Responses list icon, it displays a single entry for the Windows 10 Pro operating system.
Clicking on that entry expands the devices that have that operating system installed.
Here the two target devices in the Executive Management group can be seen:
ACME-WIN1001.acme.local
ACME-WIN1002.acme.local
In this tutorial we've shown how to:
Open the Parameters Coverage Management group panel
Search for a Management group and apply the coverage to the question
Ask the question, view the results and verify the devices the question was targeted at.
Refining responses with follow-up questions
How to refine responses by asking follow-up questions.
Follow-up questions
Endpoint Troubleshooting lets you build on top of initial questions by asking follow-up questions. Those questions may themselves have follow-up questions and so on. The purpose of the follow-up questions is either to constrain the responses further, acting as a kind of super filter, or to get additional information from the devices in the initial responses.
The example
To illustrate the use of follow-up questions we will use a scenarios where an administrator wants to find out which users are currently logged on to just the Windows devices that have previously been tagged with an ACMEDEPLOY Phase 3 value coverage tag.
A user with permissions to ask questions, in our example TCNActioner01, is logged on to Endpoint Troubleshooting.
The example contains the following steps:
On the Endpoint Troubleshooting home page, type in coverage to find and then select the What are the coverage tags? question.
Click the Ask this question button.
Responses are sent back from the client devices showing the coverage tags applied to each of the devices
Filter the responses to show just those with the Phase 3 value set. This is done by clicking on the Filter results button, which expands the Filter results panel.
Enter the text Phase 3 into the Values edit field and then click Search to apply the filter. The responses change to display just the Phase 3 tagged devices.
Now click the Follow-up question button to ask a question of just these devices. Doing this displays the Questions tab with the original question and filter displayed above the usual question edit field.
Type How many to find and then select the How many of each operating system version are installed? question.
Click Ask this question, at the bottom of the page
Responses to the new question are sent back from the client devices that pass the original question and filter. In this case it provides responses from just the Phase 3 tagged devices
From these follow-up responses the Os Type of the devices can be used to filter and just display the Windows devices. To do this Expand the Filter results panel, type Windows in the Os Type field and then click the Search button. Notice how the Linux device has been filtered out.
Click the Follow-up question button to create a second follow-up question. Again the follow-up Questions tab is displayed, this time with the follow-up question and filter displayed.
Type the word logged into the edit field to find and then select the Who is currently logged in? question.
Click the Ask this question button.
Now the responses to the second follow-up question display the logged on users for just the Windows devices that have been tagged with the Phase 3 value for the ACMEDEPLOY coverage tag. Job done.
If the user wants to monitor how they got to this point they can look at the Trail, over on the left of the responses table
Going from top to bottom they can see they asked What are the coverage tags?, then How many of each operating system version are installed? and finally Who is currently logged in?