Version 2.0.0 of the web app improves how the web app searches your data. We shifted from a SQL database to BigQuery, a system designed for querying big data sets. This update enables a wide range of improvements that rely on searching massive data sets, and lays the groundwork for a range of important future improvements. A phased rollout of this update is already in progress.
What this means for search queries
Searches over large amounts of data — whether on the sessions page, the reports page, or in the terminal — will return results in a matter of seconds, not minutes.
This means you can:
Test potential trigger queries against your past data by searching them on the sessions page;
Preview reports in the same window where you create and edit them;
Not worry that queries with particular Cmd Query Language (CQL) properties will result in extreme processing times;
Let more data flow through the agents and web app (reduce filtering).
In the future, it will also allow us to:
Enable CQL properties that were infeasible with the SQL database;
Increase the in-app data retention window beyond the current limit of 30 days;
Import exported data back into the web app for analysis;
...and more. We look forward to enabling additional feature enhancements in future releases.
One other impact is that queries over small amounts of data will now take slightly longer. We think of this as enabling all queries to return in seconds — rather than either instantaneously, or not at all.
A database built on BigQuery allows us to expose more of the data captured from your servers to you as Cmd Query Language properties, without worrying about processing constraints.
Several new CQL properties are available now, and some properties that could only be used in trigger queries are now usable throughout the web app. We will make additional queries available in upcoming releases. Several queries have also been deprecated due to incompatibilities with BigQuery.
New CQL properties
Domain name (as per “man 2 getdomainname”) associated with the Linux server, VM, or container in which the process is executed.
Hostname (as per “man 2 gethostname”) associated with the Linux server, VM, or container in which the associated process is executed.
Enhanced CQL properties
These properties were previously available only in trigger queries, but can now be used throughout the web app:
cmd — The executed command.
cmd_working_directory — The executed command’s working directory.
For more details on the new or enhanced properties, see the CQL glossary.
Deprecated CQL properties:
Several properties are no longer available.
server_agent_ping_date is the most frequently used — typically as part of a Report monitoring when servers connected — but with recent enhancements to the Servers page, you can simply sort the servers table by "Last login". If you have another use-case impacted by these changes, feel free to contact Cmd support for alternatives.
cmd_first_time_command — Boolean. True for commands whose roots have never been executed in the current Cmd project.
server_agent_ping_date — The most recent date when a Cmd agent running on the server connected to Cmd’s infrastructure.
server_agent_uninstalled — Boolean. Whether the agent was uninstalled from a server.
server_version — Version number of the installed Cmd agent.
session_disconnected — Boolean. True if the session disconnected gracefully (e.g. with the
trigger_has_group — Boolean. True for triggers assigned to a trigger group.
Updated tooltips and minor visual changes throughout the app.
Simplified the redaction of individual commands in the web app terminal. Now, clicking an eraser icon in the details pane will redact the entire command and its parameters, or the entire output — instead of requiring you to specify which characters to redact. We encourage you to use RE2 scrubbers instead.
Live Sessions Page:
Fixed a bug where the session counter in the upper right would not always match the number of live sessions displayed on the page.