Title
#fleet
w

wennan.he

10/20/2022, 8:14 PM
Hi fleet team, does fleet support query running on a given ip list?
Kathy Satterlee

Kathy Satterlee

10/20/2022, 8:38 PM
You can use a host's IP address as a filter in the target picker. If you could give an example scenario, that would be helpful for giving you the best advice!
w

wennan.he

10/20/2022, 8:43 PM
if i have a ip list like ipa, ipb, ipc
8:43 PM
you mean i need pick each of them in UI one by one?
Kathy Satterlee

Kathy Satterlee

10/20/2022, 8:46 PM
Would this be a group that you’d want to query together frequently, or as a one off? Is this a live query, or something you’d want to schedule? Where are those IP addresses coming from? Would you want to do this through the UI, the API, or fleetctl?
w

wennan.he

10/20/2022, 8:47 PM
they could be very random query running
8:47 PM
and i dont want to schedule it
8:47 PM
ui api fleetctl, i think all of them work for me.
9:01 PM
any suggestions?@Kathy Satterlee
Kathy Satterlee

Kathy Satterlee

10/20/2022, 9:23 PM
I'll respond as soon as I can 😃 This is primarily a community-based forum and, while I do try to be as helpful as I can, I'm not always able to respond immediately.
9:29 PM
What I'd likely do in this case is set up a script that would use the REST API to: 1. Create the query https://fleetdm.com/docs/using-fleet/rest-api#create-query and save the query ID 2. Loop over the list of IP addresses and fetch the host using the IP as
query
to build an array of host IDs: https://fleetdm.com/docs/using-fleet/rest-api#list-hosts 3. Run the live query using the IDs collected in 1 and 2 https://fleetdm.com/docs/using-fleet/rest-api#run-live-query 4. (optionally) Delete the query https://fleetdm.com/docs/using-fleet/rest-api#delete-query
9:30 PM
At least if this was something I was likely to have to do often enough to make selecting the hosts one by one in the UI inefficient.
w

wennan.he

10/20/2022, 9:31 PM
do i need any certificate when icall this api?
Kathy Satterlee

Kathy Satterlee

10/20/2022, 9:31 PM
You'd need to include an authorization header with a valid token.
w

wennan.he

10/20/2022, 9:35 PM
so i just need to put the api token in the header when calling every api of fleet, right?
Kathy Satterlee

Kathy Satterlee

10/20/2022, 9:36 PM
Correct. Anything but
/login
uses that token to authenticate.