Example: Multi-column sensors

Multi-column sensors collect multiple pieces of related data in a single answer. Create multi-column sensors for data that you want the Question Results page to display as a single record. For example, when you investigate Windows Registry issues, you need to know multiple pieces of information.

Registry Key Value Names with Data is an example of a Tanium-provided multi-column sensor. For the registry key that you specify, the sensor returns the User (if User hive), Key path, Value, Data, Data Type, and OS architecture type.

Figure  1:  Results from a multi-column sensor

Script

The script must add a delimiter between each property as it writes to the standard output channel. The delimiter in the script must match the delimiter specified in the settings.

Figure  2:  Multi-column delimiters in sensor script

Settings

For multi-column sensors, when you configure sensor settings, select Split into multiple columns using delimiter, specify a string separator (a pipe is common), and use the controls to specify the columns. Note that when creating questions that filter multi-column sensors, single-column filtering works only if the sensor definition specifies column delimiters with a single character (such as "|"), not multiple characters (such as "|:").

Figure  3:  Multi-column result settings