Channels
doorman
infrastructure
random
zercurity
community-feeds
fleet-dev
code-review
queryhub
apple-silicon
carving
tls
fim
goquery
zentral
aws
querycon
golang
zeek
file-carving
fuzzing
auditing-warroom
linen-dev
fleetosquery
plugins
jobs
arm-architecture
darkbytes
process-auditing
uptycs
android_tests
selfgroup
vendor-feeds
fleet
eclecticiq-polylogyx-extension
ebpf
website
core
general
macos
kolide
osctrl
extensions
foundation
sql
officehours
linux
windows
Title
e
Esteban
09/22/2020, 2:40 PMI want to group hosts by osq version but even with a GROUP BY, osquery always returns me one row per host
z
Zach Zeid
09/22/2020, 2:42 PMThis might be better for #sql but posting the query would help
s
seph
09/22/2020, 3:03 PMWhat are you querying? osquery returns data for one host. If you’re trying to aggregate, then you need some kind of intermediary storage
e
Esteban
09/22/2020, 3:39 PMMultiple hosts by Kolide, i want to group by one value and merge rows
s
seph
09/22/2020, 3:40 PMWhat Kolide product? And querying how?
I don’t think Fleet (Kolide’s OSS offering) has a data aggregation side. Something like live query is sending the queries out, and returning there. There is no consolidated database of results.
You may, however, be interested in our SaaS offering.
z
zwass
09/22/2020, 3:48 PMWith Fleet you can use fleetctl to query from your shell and then use pipes to do something like
fleetctl query | jq (select some part you are interested in) | sort | uniq