Scheduled Queries
Scheduled queries are those queries that have a specific time and duration in which they are run. Once you have created the query, you will use the Schedule Orbital Query function to set the query’s duration and frequency. Duration is how long the query will be active for and frequency is how many times the query will be executed within the query’s duration. These queries are run across many to very many endpoints, any of which, at any given moment, can be taken offline.
| Note: | The Orbital node, installed on each endpoint, is the device that polls into the Orbital Service at predefined intervals, and/or when the node is returned on line. |
Results from Scheduled Queries can be viewed from the Results page.
Scheduled Query Behavior
Because endpoints can be taken offline and returned online at potentially random times, Orbital's scheduler cannot simply schedule a query to be run every ten minutes for a period of ten days, across all endpoints that are online at that moment.
Instead, it must make allowances for all of the nodes that are offline, or taken offline when the query is scheduled to run. In order to accommodate this, the scheduler will place the query or queries in a queue for a given node, to be run at the specified interval (e.g. every fifteen minutes). The node will retrieve and run the query at the designated interval. If the node has been taken offline before the query can be run, once the node returns online, it will retrieve and run the queued query. This results in some nodes not running the query at the specified interval, but at a later time.
For example, a user creates a query that is scheduled to started at one o'clock in the afternoon, run every fifteen minutes over the course of ten days, across 100 nodes, which are running a mixture of operating systems. During the initial query run, all of the endpoints are online and successfully return the query's results. However, during the second run, made at 1:15pm, two endpoints are offline and only return online at 1:18pm. In this instance, the two nodes, installed on the endpoints, will run the script at 1:18pm and every fifteen minutes afterwards; i.e. 1:18pm, 1:33pm, 1:48pm, etc. This three-minute offset in the query execution schedule will be in place until the query's duration has expired. The other 98 endpoints will run the script at the scheduled time; i.e. 1:15pm, 1:30pm, 1:45pm, etc.