Hey all,
Has the live query API endpoint changed? ...
# fleeta
Ari Weinberg
05/11/2023, 5:31 PMHey all,
Has the live query API endpoint changed? I can seem to get it to work:
https://fleetdm.com/docs/using-fleet/rest-api#run-live-query
I get the error "one of query or query_id must be specified"
I did find this: https://fleetdm.com/docs/contributing/api-for-contributors#run-live-query
But my setup does not allow for opening a websocket to get the results. is there a solution that will work over only HTTP?
k
Kathy Satterlee
05/11/2023, 6:12 PMHi @Ari Weinberg Can you show me the request you're sending?
Kathy Satterlee
05/11/2023, 6:12 PMAs well as what version of Fleet you are running.
a
Ari Weinberg
05/11/2023, 6:31 PMHere is the cURL:
Copy code
curl -v \
-X POST \
--location \
"<https://internalfleet/api/v1/fleet/queries/run>" \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer TOKEN' \
-d '{"query_ids":["21"],"host_ids":["523"]}'Ari Weinberg
05/11/2023, 6:32 PMHeres the version string I got from the "my account" page:
Fleet 0.0.0-SNAPSHOT-77d8b0b • Go go1.19.8Ari Weinberg
05/11/2023, 6:33 PMFleet is running in a docker container
Ari Weinberg
05/11/2023, 6:34 PMBut i pulled the container about a week ago
k
Kathy Satterlee
05/11/2023, 9:23 PMAh! Try sending as a GET request.
a
Ari Weinberg
05/11/2023, 9:24 PMHow would I send the data?
k
Kathy Satterlee
05/11/2023, 9:24 PMThe same way you currently are.
Kathy Satterlee
05/11/2023, 9:26 PMThe error is odd for the incorrect method, definitely something to look at. The same request gets me results:
Copy code
curl -v \
-X GET \
--location \
'<https://dogfood.fleetdm.com/api/v1/fleet/queries/run>' \
-H 'Content-Type: application/json' \
-H 'Authorization: Bearer H176qK4ANbTMZDEPM0UG2lTM5mt87wAZHlsxWXJ8PUzi1gG8YHVPIeWp0We3fhqDL4nRZbD8bkoo1ag/TZACIQ==' \
-d '{"query_ids": [1], "host_ids":[1]}'Kathy Satterlee
05/11/2023, 9:27 PM Copy code
[...]
* Connection state changed (MAX_CONCURRENT_STREAMS == 128)!
* We are completely uploaded and fine
< HTTP/2 200
< date: Thu, 11 May 2023 21:26:27 GMT
< content-type: application/json; charset=utf-8
<
{
"summary": {
"targeted_host_count": 1,
"responded_host_count": 1
},
"live_query_results": [
{
"query_id": 778,
"results": [
{
"host_id": 125,
"rows": [
{
"action": "add",
"datetime": "2023-05-09 21:56:47",
"path": "/Volumes/DataGrip",
"vendor": "Apple"
},
{
"action": "add",
[...]a
Ari Weinberg
05/11/2023, 9:48 PMThat worked, thanks so much!
k
Kathy Satterlee
05/11/2023, 10:16 PMpartydeploy
12 Views