https://github.com/osquery/osquery logo
Join Slack
Powered by
Hi, there's any way to export Query Packs (along w...
# fleet
e
Hi, there's any way to export Query Packs (along with its queries) ?
n
Hi, the Exporting All Queries and Packs section of this blog post provides helpful instructions for achieving this using 
fleetctl
e
Thank you, i'll try it
I didn't say anything about exporting, just how you can list the Packs or Queries on the system
n
Hi, you’re totally right. Once you have the pack names you can get each individual pack in YAML config format with the command 
fleetctl get p <insert_pack_name>
. This will output the properly formatted config in the terminal. There’s currently no way to get the YAML config for multiple query packs in one command.
For your use case, why would you like to be able to export Query Packs?
e
Yes but 
fleetctl get p <insert_pack_name>
will not list the queries in the pack, only the names. In any case im trying to migrate from kolide/fleet to fleetdm/fleet with a clean database
It will be nice to list the query pack along with associated queries
n
im trying to migrate from kolide/fleet to fleetdm/fleet with a clean database
Got it. Yes you’re correct that only the names of the queries are listed and this doesn’t help you in your migration efforts.
These are the multiple steps that I believe will help you achieve your use case of migrating query packs along with queries to your new install of Fleet: 1. With your kolide/fleet instance running, run 
fleetctl get queries --yaml
. This will output a list of queries in YAML format. Copy this list into a new file called something like 
queries.yml
2. With your kolide/fleet instance running, run 
fleetctl get packs --yaml
. This will output a list of query packs in YAML format. Copy this into a new file called something like 
packs.yml
3. Now, with your fleetdm/fleet instance running, run 
fleetctl apply -f queries.yml
. This will import all the queries from your new 
queries.yml
file into your new Fleet instance. 4. With your fleetdm/fleet instance running, run 
fleetctl apply -f packs.yml
. This will import all the query packs along with the correct queries (that you just imported) into your new Fleet instance.
e
Thank you! That's more clearly
n
Great! Let me know how this works out :)
e
It work, very straightforward
🍻 1
4 Views
Open in Slack
PreviousNext
Powered by