https://github.com/osquery/osquery logo
Powered by
#fleet
Title
# fleet
n

n8felton

04/13/2022, 5:12 PM
Does Fleet have the ability to group results from multiple hosts? I"m looking for something like 
SELECT version, COUNT(version) FROM os_version GROUP BY version;
that will tell me something like this for the whole fleet.
Copy code
+---------+----------------+
| version | COUNT(version) |
+---------+----------------+
| 12.2.1  | 18             |
| 12.3.1  | 186            |
+---------+----------------+
t

Tomas Touceda

04/13/2022, 5:13 PM
hi! not currently
1
z

zwass

04/13/2022, 6:12 PM
Not in Fleet directly, but I ❤️ unix tools, so I'd recommend this:
Copy code
fleetctl query --labels 'All Hosts' --query 'SELECT version FROM os_version' --timeout 15s | jq '.rows[0].version' | sort | uniq -c
 56% responded (91% online) | 10/18 targeted hosts (10/11 online)
Stopped by timeout
   1 "11.6.3"
   2 "12.2.1"
   1 "12.3"
   4 "12.3.1"
   2 "20.04.3 LTS (Focal Fossa)"
   1 "CentOS Stream release 8"
k

Kathy Satterlee

04/13/2022, 6:22 PM
Beat me to it 🙂
Copy code
fleetctl get hosts --json | jq '.spec .os_version' | sort | uniq -c
You could also fetch host data using the REST API and parse through it in whatever manner you prefer!
z

zwass

04/13/2022, 7:22 PM
Ah love it Kathy! Even simpler!
n

n8felton

04/13/2022, 7:36 PM
Thanks!
ooo, I'll have to take a quick look at 
GET /api/latest/fleet/hosts/count
as well
ooo, spelunking through issues lead me to https://github.com/fleetdm/fleet/issues/2825 too.
4 Views
Powered by