Analyzing our fleetdm status events at Splunk, we ...
# fleets
spookerlabs
06/18/2021, 12:40 AMAnalyzing our fleetdm status events at Splunk, we just noticed that software inventory queries are not working fine since osqueryd running as "admin/root" needs
consider JOINing against the users tablespookerlabs
06/18/2021, 12:40 AMspookerlabs
06/18/2021, 12:41 AMs
Sarah Gillespie
06/18/2021, 7:45 PM@spookerlabs, thanks very much for sharing this. Would you mind filing a GitHub issue?
s
spookerlabs
06/18/2021, 7:54 PMI'll double check latest version since Im using Fleet 3.11.0-5-g6491a25c and not latest one.
spookerlabs
06/18/2021, 7:54 PMIf I confirm I'll open an issue.
ty 1
n
Noah Talerman
06/23/2021, 2:21 PM@spookerlabs the issue you’ve reported will likely not be resolved in the latest release of Fleet (3.13.0). However, the Fleet team would like to resolve this in the upcoming release.
Do the software inventory queries run successfully? If so is the issue that they create unnecessary entries, due to these osquery warnings, in Splunk?
s
spookerlabs
06/23/2021, 4:52 PMHi there! Looking into Hosts Software , for example Ubuntu Desktop, it shows online types
Packages PythonPackage (deb)Package (APT)spookerlabs
06/23/2021, 5:01 PMAnother point, is there a restriction to run on only some Labels ? Because I have some Linux Mint in my fleet and Software Inventory didn't return anything
2 Views