Smart Label test is not matching specified conditions
I'm building a smart label to find patches meeting certain criteria. I'm testing for:
Publisher = Microsoft Corp.
Impact is Critical
Status is Active
Superseded is No
but the very second and fourth returns say "Yes" in the "Superseded" column.
Just for kicks, I changed the "Impact" setting to "is not" "Critical", and that set of criteria returns one hit that is Critical Impact and Superseded. See picture.
If I simplify the criteria, the returns still don't match:
Publisher = Microsoft Corp.
Impact is Critical
Status is Active
Superseded is No
but the very second and fourth returns say "Yes" in the "Superseded" column.
Just for kicks, I changed the "Impact" setting to "is not" "Critical", and that set of criteria returns one hit that is Critical Impact and Superseded. See picture.
If I simplify the criteria, the returns still don't match:
2 Comments
[ + ] Show comments
Answers (1)
Answer Summary:
Please log in to answer
Posted by:
kentwest
6 years ago
Top Answer
I opened a ticket with Quest, and they came back with a similar answer to that of Channeler, but with enough information that I now understand why it's doing that.
The two options, "Applicable Packages" and "All Packages" search bundles of patches, not individual patches. The third option, "Individual Patches", of course only searches individual patches.
When you search in a bundle/package, some of the patches in that bundle will match the search criteria, and some won't, and therefore might return results you don't expect. For example, searching for "Impact = Critical" in a package/bundle that contains both critical and non-critical patches might return that bundle (depending on how the search is worded); essentially that particular field in such a case is useless. I suggested that in such a search that field's result be returned as something like "Not Applicable" rather than a deceptive "Critical" or not, and he believes there's a uservoice request for just that sort of solution to the potential confusion.
TL:DR - Search on "Individual Patches" instead of on the "Applicable Packages" or "All Packages" bundles, when you need results to be precise to a patch's characteristics.
The two options, "Applicable Packages" and "All Packages" search bundles of patches, not individual patches. The third option, "Individual Patches", of course only searches individual patches.
When you search in a bundle/package, some of the patches in that bundle will match the search criteria, and some won't, and therefore might return results you don't expect. For example, searching for "Impact = Critical" in a package/bundle that contains both critical and non-critical patches might return that bundle (depending on how the search is worded); essentially that particular field in such a case is useless. I suggested that in such a search that field's result be returned as something like "Not Applicable" rather than a deceptive "Critical" or not, and he believes there's a uservoice request for just that sort of solution to the potential confusion.
TL:DR - Search on "Individual Patches" instead of on the "Applicable Packages" or "All Packages" bundles, when you need results to be precise to a patch's characteristics.
(Upper right corner of your screenshot) - Channeler 6 years ago
Go to Security > Catalog
Select the smart label filter on the Catalog, Make sure you are showing Individual Patches, see if it shows more there - Channeler 6 years ago
The two options, "Applicable Packages" and "All Packages" search bundles of patches, not individual patches. The third option, "Individual Patches", of course only searches individual patches.
When you search in a bundle/package, some of the patches in that bundle will match the search criteria, and some won't, and therefore might return results you don't expect. For example, searching for "Impact = Critical" in a package/bundle that contains both critical and non-critical patches might return that bundle (depending on how the search is worded); essentially that particular field in such a case is useless. I suggested that in such a search that field's result be returned as something like "Not Applicable" rather than a deceptive "Critical" or not, and he believes there's a uservoice request for just that sort of solution to the potential confusion.
TL:DR - Search on "Individual Patches" instead of on the "Applicable Packages" or "All Packages" bundles, when you need results to be precise to a patch's characteristics. - kentwest 6 years ago