Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
peter_schumache
Collaborator

How to count objects of a group

Is threr a way to simply count the number of objects in a group?

(R77.30 and R80.x)

18 Replies
JozkoMrkvicka
Mentor
Mentor

Old school method:

Please note that this method is very time consuming !

Kind regards,
Jozko Mrkvicka
Maik
Advisor

Well, for R80 you could use the management API and count the objects in the "members" column of the result of "show groups". Or you can use the script that I have written and linked here. After you have received the csv output just filter for a specific group name in the A column (when opening the csv in Excel) and you can count the hosts in column B. Tough this script does not work for Ipv6 objects - did not have the time and need to update it yet.

More solid solution that also works for IPv6 objects:

=> run "show groups details-level full --format json" via the management api

=> copy the output to your clipboard

=> paste it here or into an offline json viewer regarding any security concerns (I used test data and a cloud test instance for this example)

So for each group you will see the numbers after the "objects" section ~ marked green in the example

For each member of the group you will see numbers in the "members" section of the related group ~ marked red in this example

Keep in mind that there are default output limits of the management api that can be set via the "offset" and "limit" parameter, e.g. the first 50 groups (starting from 0) can be seen via:

mgmt_cli show groups limit 50 offset 0 details-level "full" --format json

The default value here is 50, so if you have more than 50 groups this needs to be changed (or you pull the data interval vise by changing the offset to +50 each time). If you just want the number of hosts for one specific group you can run:

mgmt_cli show group name "HERE_COME_THE_NAME" limit 50 offset 0 details-level "full" --format json

And then you follow the same procedure as above + check the numbers in the members section.

I don't have any clue for R77.30 as I never worked with pre R80 managament, sorry.

Regards,

Maik

0 Kudos
Vladimir
Champion
Champion

Tomer Sole‌ This is actually quite funny in a not funny sort of way:)

Can you bump it to R&D to include the number in the Group Object's properties and, perhaps for mouse-over?

Tomer_Sole
Mentor
Mentor

Thank you for the feedback. 

Some workarounds:

For R80.10, in case that group is in a rule, you can click the rule and expand the members at the bottom "Details" tab.

In case you are interested with not just member count but actual IP ranges and non-IP objects including all nested members, we are bringing this with the API for the upcoming R80.20. You can already try it with the latest published Public EA for R80.20.

0 Kudos
JozkoMrkvicka
Mentor
Mentor

echo -e "print network_objects <NAME_OF_GROUP>\n-q\n" | dbedit -local 2>&1 | grep -roh "Table:" | wc -l

Just replace <NAME_OF_GROUP> with desired group and run this command from Management station (or from CMA itself).

Tested on R77.30 and R80.10.

Kind regards,
Jozko Mrkvicka
0 Kudos
Vladimir
Champion
Champion

Thanks Jozko!

I've seen your post above and have copied the string in my toolbox already:)

That being said, it really is the issue of having same capability in UI.

Reasons being that not all admins may have access to cli, but they may need to see and compare the number of objects in a group, for instance to see if something was added or removed without actually looking up individual objects.

Cheers,

Vladimir

JozkoMrkvicka
Mentor
Mentor

There is also option to create script which will search all network groups on management and count objects in every of them. Maybe also list of these objects inside group Smiley Happy

Kind regards,
Jozko Mrkvicka
0 Kudos
Vladimir
Champion
Champion

Jozko,

Since you've already done some scripting along these lines, would you look into possibility of modifying a script to create tags consisting of a group name and the object count and attaching them to the group objects?

0 Kudos
JozkoMrkvicka
Mentor
Mentor

Vladimir,

Not sure if I got your request correctly, so could you please give me example what is exactly needed ?  Thanks !

Kind regards,
Jozko Mrkvicka
0 Kudos
Vladimir
Champion
Champion

Enumerate the groups and the count of objects in those and pipe it into "add tag" or "set tag" so it'll tag the count to the group object. I.e.:

0 Kudos
JozkoMrkvicka
Mentor
Mentor

Would you like to have tag only with digits (1), or including timestamp ?

Because in case you will run script more times, you will have multiple tags with no meaning when it was checked.

Or some naming convention, like " <COUNT_OF_MEMBERS> - <DATE>".

Or delete all tags before checking and you will have only 1 tag with current count of all members of any group...

Long tag name shouldnt be used, as the purpose is to have simple word there...

Let me know your preffered way Smiley Happy

EDIT: Nice finding - in case exactly the same tag is already in place for the group, it will NOT be added second time. It is valid only in case just digits should be added. For example during first run I had no tags, after script run I see there is new tag with the count of members in total (1 for example). In case I run the script second time, the tag will be not added (means objects is not modified), because the same tag is already there. On the other hand, it doesnt mean that 1 object wasnt added and 1 object wasnt removed from this group ...

Kind regards,
Jozko Mrkvicka
0 Kudos
Vladimir
Champion
Champion

Both approaches have their merits and shortcomings.

I.e. the verbose tag leaves less chances of being misinterpreted, but will not be able to show the number in the displayed portion of the tag, only in fully expanded or moused-over.

The short, numbers only tag, will be visible right away, but one cannot be sure how current the data in it is.

It may be better to have a # appended by the query time in the body of the tag, so that the number will be visible right away and by mousing over, we can see when it was discovered.

Additionally, and I am not sure if this is material, will the tag show the number of objects in published policies or installed? Also, we have to make sure that the older tags will get removed, otherwise we'll keep growing their number in perpetuity.

Thank you for running with this idea!

Cheers,

Vladimir

0 Kudos
JozkoMrkvicka
Mentor
Mentor

Okay, I will try to do it this way:

If group contains any tag with ONLY numbers, it will be removed. If there is no more tag with numbers, it will add new one tag with actual number of members in that group.

Kind regards,
Jozko Mrkvicka
0 Kudos
JozkoMrkvicka
Mentor
Mentor

Hello guys,

I have created script which will count members of every single network group and add this number as new tag of relevant network group.

Big thanks goes to Vladimir Yakovlev‌ for his idea Smiley Happy

I have tested my script in many cases and it works well. As I was doing it in my LAB where I have only 5 network groups, it would be great if someone can test it before I will post it into Developers section.

Thanks for every feedback.

UPDATE:

New version of script available to be compatible with new kernel on R80.20 (issue with "grep" command).

Kind regards,
Jozko Mrkvicka
Vladimir
Champion
Champion

Awesome!

I'll give it a shot as soon as I rebuild my lab environment: just had to donate my servers to the client who borked the firmware upgrade on their IBMs.

JozkoMrkvicka
Mentor
Mentor

UPDATE:

New version of script available to be compatible with new kernel on R80.20 (issue with "grep" command).

Kind regards,
Jozko Mrkvicka
ganeshan_dharm1
Participant

I am looking for number of members in A specific group.  the below command is not working

echo -e "print network_objects <NAME_OF_GROUP>\n-q\n" | dbedit -local 2>&1 | grep -roh "Table:" | wc -l‍

0 Kudos
JozkoMrkvicka
Mentor
Mentor

If you open the network group in SmartConsole, on top right side you have number of objects in the group.

Kind regards,
Jozko Mrkvicka
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events