#fleet
Bacarus

08/04/2021, 10:04 AM
hi all, I’m having issues with fleetctl. Following the docs (after the correct setup of fleetctl with my existing fleet server) I am not able to apply multiple queries in a single file (I’m using version 3.11.0, and fleetctl is the Windows version). My queries.yml file is this:
---
apiVersion: v1
kind: query
spec:
  name: osquery_schedule
  description: Report performance stats for each file in the query schedule.
  query: select name, interval, executions, output_size, wall_time, (user_time/executions) as avg_user_time, (system_time/executions) as avg_system_time, average_memory, last_executed from osquery_schedule;
---
apiVersion: v1
kind: query
spec:
  name: osquery_info
  description: A heartbeat counter that reports general performance (CPU, memory) and version.
  query: select i.*, p.resident_size, p.user_time, p.system_time, time.minutes as counter from osquery_info i, processes p, time where p.pid = i.pid;
---
apiVersion: v1
kind: query
spec:
  name: osquery_events
  description: Report event publisher health and track event counters.
  query: select name, publisher, type, subscriptions, events, active from osquery_events;
using the command:
fleetctl.exe apply -f queries.yml
it applies only the first query (osquery_schedule) but not the others. Am I doing something wrong?
Sarah Gillespie

08/04/2021, 8:48 PM
Hi Bacarus, you can try adding the --debug flag to your command to dig deeper into what might be going wrong and share what you find with the channel