Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

Hey all,
Is there a way for me to run an arbitrary Query against a host, using the fleet api?
I can do this easily via the web GUI.
But the API "run query" endpoint seems to only accept a query id (i.e an existing query) as an argument, not an arbitrary query. `POST /api/v1/fleet/queries/:id/run`
Is there any way to provide an arbitrary query??

Ok I actually just found the answer. I need to hit the Hosts endpoint, which has a "Live query host" feature.
`POST /api/v1/fleet/hosts/identifier/:identifier/query`