Documentation Home > Tanium Console User Guide

Example: Multicolumn sensors

Multicolumn sensors are designed to collect multiple pieces of related data in a single answer.

Create multicolumn sensors when the data is more useful when presented as a single record. For example, when you look into Windows Registry issues, you need to know multiple pieces of information.

Registry Key Value Names with Data is a multicolumn sensor included in the Initial Content pack. It returns: User (if User hive), Keypath, Value, Data, Data Type, and OS architecture type.

Figure 1: Results from a multicolumn sensor

Script

The script must add a delimiter between each property as it writes to the standard output channel. The delimiter in the script must match the delimiter specified in the settings.

Settings

For multicolumn sensors, when you configure sensor settings, select Split into multiple columns using delimiter, specify a string separator (a pipe is common), and use the controls to specify the columns. Note that when creating questions that filter multicolumn sensors, single-column filtering works only if the sensor definition specifies column delimiters with a single character (such as "|"), not multiple characters (such as "|:").

Last updated: 11/12/2019 3:19 PM | Feedback