update timers artifact to use systemctl plugin

Author: djoreilly

artifacts/definitions/SUSE/Linux/Events/Timers.yaml

@@ -19,12 +19,13 @@ sources:
     precondition: SELECT OS From info() where OS = 'linux'
     description: Collect systemd timer executions from journal
     query: |
-      LET timers = SELECT parse_json_array(data=Stdout) AS list
-        FROM execve(argv=['systemctl', 'list-timers', '--all', '-o', 'json', '--no-pager'])
+      LET timer_triggered(service) = SELECT *
+        FROM systemctl(command="show", unit=service, properties=["TriggeredBy"])
+        WHERE len(list=TriggeredBy) > 0
 
-      LET timer_execs = SELECT *, {SELECT activates from timers.list} AS activates
+      LET timer_execs = SELECT *
         FROM Artifact.SUSE.Linux.Events.Services()
-        WHERE format(format="%s%s" , args=[Service, ".service"]) in activates
+        WHERE timer_triggered(service=Service)
 
       SELECT Timestamp, PID, User, Process as Cmd, Description
         FROM timer_execs