Can I query device group membership from trigger code?

triggers

#1

I’m relatively new to writing triggers and having searched the API and Forums, I cannot find an answer to this so hope somebody can provide guidance?

I have a trigger writing database errors out to ELK stack and would like to include a “Business Service” field in my export. I am hoping to do this by including my servers in a Group, e.g. “Service: CRM”, and then in the trigger, query groups that the device is a member of and add any beginning “Service:” to my exported field. This would enable me to write more generic triggers rather than having to dedicate triggers to services.

I was hoping to find a delimited string or array property under the Device Class containing this info but don’t think it’s there.

Any guidance on whether this is possible and how I could pull this information would be very much appreciated.

Thanks,

Lee


#2

Hi Lee,

You can’t directly query device groups from within a trigger. You could try getting device group information from the appliance via the new REST API in 5.0, using the Open Data Context API to push that information into the session table keyed by IP or MAC address, then retrieving that information from the trigger.

If you’re interested in that approach, you can find REST API documentation on the ExtraHop at /api/v1/explore, and I can send you documentation regarding the ODC API.

Thanks,
Ted
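
The off-box half of the approach described above, as an added example that is not part of the original posts or ExtraHop's own code: it turns device group membership into per-IP session table entries for a trigger to read. The input shape and field names (`name`, `devices`, `ipaddr4`), the `svc:` key prefix, and the assumption that the ODC interface accepts memcached-style text `set` commands are all assumptions; check /api/v1/explore and the ODC documentation for the real ones.

```python
# Added example: constructed data only, no network access.
PREFIX = "Service:"

# Constructed sample: device groups with member devices, shaped the way an
# off-box script might assemble them from the REST API (field names assumed).
SAMPLE_GROUPS = [
    {"name": "Service: CRM", "devices": [{"ipaddr4": "10.0.1.10"}, {"ipaddr4": "10.0.1.11"}]},
    {"name": "Service: Billing", "devices": [{"ipaddr4": "10.0.1.11"}, {"ipaddr4": "10.0.2.20"}]},
    {"name": "Linux servers", "devices": [{"ipaddr4": "10.0.1.10"}]},  # not a service group
    {"name": "Service: Legacy", "devices": [{"ipaddr4": None}]},       # device without an IP
]


def services_by_ip(groups, prefix=PREFIX):
    """Map each device IP to the sorted service names of its 'Service:' groups."""
    result = {}
    for group in groups:
        name = group.get("name", "")
        if not name.startswith(prefix):
            continue
        service = name[len(prefix):].strip()
        if not service:
            continue
        for device in group.get("devices", []):
            ip = device.get("ipaddr4")
            if ip:  # skip devices that have no IPv4 address to key on
                result.setdefault(ip, set()).add(service)
    return {ip: sorted(names) for ip, names in result.items()}


def memcache_set(key, value, exptime=0):
    """Build one memcached text-protocol 'set' command as bytes."""
    # Reject whitespace and control characters so a key cannot smuggle a second command.
    if not key or len(key) > 250 or any(ord(c) <= 32 or ord(c) == 127 for c in key):
        raise ValueError("invalid memcached key: %r" % key)
    data = value.encode("utf-8")
    header = "set %s 0 %d %d\r\n" % (key, exptime, len(data))
    return header.encode("ascii") + data + b"\r\n"


def session_table_commands(groups, key_prefix="svc:", exptime=3600):
    """Commands that publish 'ip -> comma-separated services' with an expiry."""
    mapping = services_by_ip(groups)
    return [memcache_set(key_prefix + ip, ",".join(svcs), exptime)
            for ip, svcs in sorted(mapping.items())]


if __name__ == "__main__":
    for cmd in session_table_commands(SAMPLE_GROUPS):
        print(cmd)
```

The trigger would then look up the same key for the device's IP in the session table and copy the value into the exported "Business Service" field. The expiry lets stale memberships age out if the sync script stops running.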