06/18/2021, 12:40 AM
Analyzing our fleetdm status events at Splunk, we just noticed that software inventory queries are not working fine since osqueryd running as "admin/root" needs
consider JOINing against the users table
12:40 AM
12:41 AM
Sarah Gillespie

Sarah Gillespie

06/18/2021, 7:45 PM
@spookerlabs, thanks very much for sharing this. Would you mind filing a GitHub issue?


06/18/2021, 7:54 PM
I'll double check latest version since Im using Fleet 3.11.0-5-g6491a25c and not latest one.
7:54 PM
If I confirm I'll open an issue.
Noah Talerman

Noah Talerman

06/23/2021, 2:21 PM
@spookerlabs the issue you’ve reported will likely not be resolved in the latest release of Fleet (3.13.0). However, the Fleet team would like to resolve this in the upcoming release. Do the software inventory queries run successfully? If so is the issue that they create unnecessary entries, due to these osquery warnings, in Splunk?


06/23/2021, 4:52 PM
Hi there! Looking into Hosts Software , for example Ubuntu Desktop, it shows online types
Packages Python
Package (deb)
Package (APT)
. Nothing related to browsers extensions.
5:01 PM
Another point, is there a restriction to run on only some Labels ? Because I have some Linux Mint in my fleet and Software Inventory didn't return anything