Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
a
Ari Weinberg
05/11/2023, 5:31 PMHey all,
Has the live query API endpoint changed? I can seem to get it to work:
https://fleetdm.com/docs/using-fleet/rest-api#run-live-query
I get the error "one of query or query_id must be specified"
I did find this: https://fleetdm.com/docs/contributing/api-for-contributors#run-live-query
But my setup does not allow for opening a websocket to get the results. is there a solution that will work over only HTTP?
k
Kathy Satterlee
05/11/2023, 6:12 PMHi @Ari Weinberg Can you show me the request you're sending?
As well as what version of Fleet you are running.
a
Ari Weinberg
05/11/2023, 6:31 PMHere is the cURL:
curl -v \
-X POST \
--location \
"<https://internalfleet/api/v1/fleet/queries/run>" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer TOKEN' \
-d '{"query_ids":["21"],"host_ids":["523"]}'Heres the version string I got from the "my account" page:
Fleet 0.0.0-SNAPSHOT-77d8b0b • Go go1.19.8Fleet is running in a docker container
But i pulled the container about a week ago
k
Kathy Satterlee
05/11/2023, 9:23 PMAh! Try sending as a GET request.
a
Ari Weinberg
05/11/2023, 9:24 PMHow would I send the data?
k
Kathy Satterlee
05/11/2023, 9:24 PMThe same way you currently are.
The error is odd for the incorrect method, definitely something to look at. The same request gets me results:
curl -v \
-X GET \
--location \
'<https://dogfood.fleetdm.com/api/v1/fleet/queries/run>' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer H176qK4ANbTMZDEPM0UG2lTM5mt87wAZHlsxWXJ8PUzi1gG8YHVPIeWp0We3fhqDL4nRZbD8bkoo1ag/TZACIQ==' \
-d '{"query_ids": [1], "host_ids":[1]}'[...]
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* We are completely uploaded and fine
< HTTP/2 200
< date: Thu, 11 May 2023 21:26:27 GMT
< content-type: application/json; charset=utf-8
<
{
"summary": {
"targeted_host_count": 1,
"responded_host_count": 1
},
"live_query_results": [
{
"query_id": 778,
"results": [
{
"host_id": 125,
"rows": [
{
"action": "add",
"datetime": "2023-05-09 21:56:47",
"path": "/Volumes/DataGrip",
"vendor": "Apple"
},
{
"action": "add",
[...]a
Ari Weinberg
05/11/2023, 9:48 PMThat worked, thanks so much!
k
Kathy Satterlee
05/11/2023, 10:16 PM😛artydeploy: