Channels
android_tests
apple-silicon
arm-architecture
auditing-warroom
aws
carving
code-review
community-feeds
core
darkbytes
doorman
ebpf
eclecticiq-polylogyx-extension
extensions
file-carving
fim
fleet
fleet-dev
fleetosquery
foundation
fuzzing
general
golang
goquery
infrastructure
jobs
kolide
linen-dev
linux
macos
officehours
osctrl
plugins
process-auditing
querycon
queryhub
random
selfgroup
sql
tls
uptycs
vendor-feeds
website
windows
zeek
zentral
zercurity
Title
n
n8felton
04/13/2022, 5:12 PMDoes Fleet have the ability to group results from multiple hosts? I"m looking for something like
SELECT version, COUNT(version) FROM os_version GROUP BY version;+---------+----------------+
| version | COUNT(version) |
+---------+----------------+
| 12.2.1 | 18 |
| 12.3.1 | 186 |
+---------+----------------+t
Tomas Touceda
04/13/2022, 5:13 PMhi! not currently
➕ 1
z
zwass
04/13/2022, 6:12 PMNot in Fleet directly, but I ❤️ unix tools, so I'd recommend this:
fleetctl query --labels 'All Hosts' --query 'SELECT version FROM os_version' --timeout 15s | jq '.rows[0].version' | sort | uniq -c
56% responded (91% online) | 10/18 targeted hosts (10/11 online)
Stopped by timeout
1 "11.6.3"
2 "12.2.1"
1 "12.3"
4 "12.3.1"
2 "20.04.3 LTS (Focal Fossa)"
1 "CentOS Stream release 8"k
Kathy Satterlee
04/13/2022, 6:22 PMBeat me to it 🙂
fleetctl get hosts --json | jq '.spec .os_version' | sort | uniq -cYou could also fetch host data using the REST API and parse through it in whatever manner you prefer!
z
zwass
04/13/2022, 7:22 PMAh love it Kathy! Even simpler!
n
n8felton
04/13/2022, 7:36 PMThanks!
ooo, I'll have to take a quick look at
GET /api/latest/fleet/hosts/countooo, spelunking through issues lead me to https://github.com/fleetdm/fleet/issues/2825 too.