# fleet

Ari Weinberg

05/11/2023, 5:31 PM
Hey all, has the live query API endpoint changed? I can't seem to get it to work: https://fleetdm.com/docs/using-fleet/rest-api#run-live-query I get the error "one of query or query_id must be specified". I did find this: https://fleetdm.com/docs/contributing/api-for-contributors#run-live-query But my setup does not allow for opening a websocket to get the results. Is there a solution that will work over only HTTP?

Kathy Satterlee

05/11/2023, 6:12 PM
Hi @Ari Weinberg Can you show me the request you're sending?
As well as what version of Fleet you are running.

Ari Weinberg

05/11/2023, 6:31 PM
Here is the cURL:
curl -v \
-X POST \
--location \
"https://internalfleet/api/v1/fleet/queries/run" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer TOKEN' \
-d '{"query_ids":["21"],"host_ids":["523"]}'
Here's the version string I got from the "my account" page:
Fleet 0.0.0-SNAPSHOT-77d8b0b • Go go1.19.8
Fleet is running in a docker container
But I pulled the container about a week ago

Kathy Satterlee

05/11/2023, 9:23 PM
Ah! Try sending as a GET request.

Ari Weinberg

05/11/2023, 9:24 PM
How would I send the data?

Kathy Satterlee

05/11/2023, 9:24 PM
The same way you currently are.
The error is odd for the incorrect method, definitely something to look at. The same request gets me results:
curl -v \
-X GET \
--location \
'https://dogfood.fleetdm.com/api/v1/fleet/queries/run' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer H176qK4ANbTMZDEPM0UG2lTM5mt87wAZHlsxWXJ8PUzi1gG8YHVPIeWp0We3fhqDL4nRZbD8bkoo1ag/TZACIQ==' \
-d '{"query_ids": [1], "host_ids":[1]}'
[...]
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* We are completely uploaded and fine
< HTTP/2 200 
< date: Thu, 11 May 2023 21:26:27 GMT
< content-type: application/json; charset=utf-8
< 
{
  "summary": {
    "targeted_host_count": 1,
    "responded_host_count": 1
  },
  "live_query_results": [
    {
      "query_id": 778,
      "results": [
        {
          "host_id": 125,
          "rows": [
            {
              "action": "add",
              "datetime": "2023-05-09 21:56:47",
              "path": "/Volumes/DataGrip",
              "vendor": "Apple"
            },
            {
              "action": "add",
[...]

Ari Weinberg

05/11/2023, 9:48 PM
That worked, thanks so much!

Kathy Satterlee

05/11/2023, 10:16 PM
partydeploy