Tanium 6.x: Question Merging

Introduction

Question Merging is the ability to add additional fields to a Question which has already been answered, while results are displayed in the Answer Grid.

After asking a Question, the resulting data set is displayed in the Answers Grid.Question_Merging_1_Answers.jpg

This is the data returned to the Server from all machines which are online at the time the question is asked. From the Answer Grid, there are two options for seeing additional data without re-asking the question.

The first option is the Drill Down. This allows an operator to select one or more rows of data to get a look at other properties of the machines that returned those results by choosing any existing saved question. This will pop up new Answer Grid boxes, and this can be done multiple times.

The second option is Question Merging. Question Merging works in a similar way to the Drill Down in that additional data can be retrieved without needing to lose the original result set. However, rather than popping up additional boxes, the results are displayed next to the original results.

While Drill Down is essentially unlimited in the Console, as Merged Questions are added, the column count will increase until the space between the columns is so small as to be difficult to grab and expand the column boundaries in the Answer Grid.

Merging Questions

To add data to the Answer Grid via Question Merge, use the Plus icon at the top of the Grid:

Question_Merging_2_Merge_Button.jpg

From here, browse the list of Saved Questions and choose the Saved Question to merge in. Additional columns are displayed.

Limits and Considerations

The Tanium Console can show an essentially unlimited number of columns in the UI, and so the number of Merged Questions one can add is typically limited by horizontal screen resolution.

Not all Saved Questions are available for Merging. Only Saved Question which are saved and the appropriate option is checked (below) will be available for merging:Question_Merging_1.JPG

 

Conclusion

Merged Questions enable a Tanium console user to easily gather and show all of the relevant information that they want access to in one easy to reference results set.

Have more questions? Submit a request