logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

CB LiveOps: Query Builder Returns Zero Results

CB LiveOps: Query Builder Returns Zero Results

Environment

  • CB LiveOps Web Console: All Versions

Symptoms

  • Zero results returned when running a LiveQuery made using the Query Builder
  • Query uses the shell_history table

Cause

  • The shell_history table needs to be JOINed to the users table in order to obtain results
  • The Query Builder GUI does not provide the ability to use the SQL JOIN clause

Resolution

  • The query will need to be run using the SQL Tab instead of the Query Builder GUI
  • An example of this query would be:  
    SELECT u.username,sh.time,sh.command,sh.history_file 
FROM users AS u 
JOIN shell_history AS sh USING(uid);

Additional Notes

Although only the shell_history table is offered in the Query Builder GUI, the following tables also need to be JOIN-ed to another table for results to come back:  
chrome_extensions - All OSs
crashes - OSX
browser_plugins - OSX
safari_extensions - OSX
preferences - OSX
opera_extensions - OSX, Linux
firefox_addons - OSX, Linux
known_hosts - OSX, Linux
authorized_keys - OSX, Linux
user_ssh_keys - OSX, Linux

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎09-09-2020
Views:
390
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.