https://github.com/osquery/osquery logo
#fleet
Title
z

Zach Zeid

12/11/2020, 10:15 PM
I do miss the grid view, and it doesn't appear that I can resize the columns so even on my very wide monitor, I still have to scroll
m

mikermcneil

12/11/2020, 11:29 PM
Hey Zach, thanks for the feedback. How many hosts do you normally have in your Fleet instance? cc @Noah Talerman
z

Zach Zeid

12/12/2020, 2:52 PM
This is just a dev instance of fleet, so we only have about 100 instances in this case. production fleet is expected to be online sometime soon, and that'll have ~4k.
👍 2
n

nyanshak

12/14/2020, 6:45 PM
just going to pile onto this with an upvote • resizable columns • selecting & re-ordering columns • less whitespace additional feedback: • the delete & query icons are so similar, I want more contrast. • I miss the colors for online / offline, but I'll wait to see how I feel about it in a few days. MIA icon upvote And I'll end with: 🎉 overall I'm a huge fan of the updates 😄
n

Noah Talerman

12/14/2020, 8:04 PM
Thanks for the suggestions and feedback! A restructuring of the Hosts page, including more control over the hosts table, is something we’re definitely looking into.
n

nyanshak

12/14/2020, 8:05 PM
Oh and how many hosts in fleet instance? Have multiple fleet instances for different environments, but largest individual one is XX,000.
n

Noah Talerman

12/14/2020, 8:09 PM
Oh and how many hosts in fleet instance?
This question stems from not fully understanding your setup for Fleet. Does the small count above your hosts table not display the correct host total?
Or the hosts total you’d like to see.
n

nyanshak

12/14/2020, 8:11 PM
It seems to work for me, won't claim to speak for Zach Zeid above. (separate company) -- I just figured a rough idea of host count may be useful
👍 1
💯 1
z

Zach Zeid

12/14/2020, 8:11 PM
we're only running a few dozen in our dev instance, we expect there to be more once we deploy a production-ready environment
n

Noah Talerman

12/14/2020, 8:16 PM
Got it.
Also, we’re looking into adding a Host details page that would display detailed info about the selected host. What pieces of information would you like to see on this Host details page?
z

Zach Zeid

12/14/2020, 8:23 PM
ttbh, I'd love to be able to dynamically populate host details with query decorators, at the very least.
n

nyanshak

12/14/2020, 8:32 PM
^ yes this If there were a very detailed page, I'd love to be able to see decorator values, for example, maybe displaying "additional host details" query info. Example: I'm considering getting installed packages via additional hosts queries. Then if I could display that, I could see what packages are installed on the host. Example: I might add decorators for environment, service name, etc. Being able to choose either decorators or additional host info to display would be useful. Generic: • osquery config hash • kernel version • label(s) for the host • some sort of presentation of osquery_schedule info (for denylisted queries / performance analysis?) or maybe on a separate page that could aggregate / slice & dice this data? • flags / options 🤷 • which packs / queries apply to the host • which enroll secret the host used • host uuid
👍 2
n

Noah Talerman

12/15/2020, 5:48 PM
Great suggestions. Thank you. Why would it be helpful to see decorator values in the UI? Same question but more specific to the example, why would you like to see what packages are installed on the host, the environment, and service name in the UI?
n

nyanshak

12/15/2020, 5:50 PM
decorator values: I guess maybe less-specifically I would say: "user-defined query results showing in the UI". Maybe that's decorators, maybe additional hosts queries. It can be used to display extra metadata specific to our environment, for example: owner, service name, environment, etc.
That can be useful when trying to figure out "is X service / host reporting? How many of X service hosts are reporting, etc" in fleet. We can currently get this info through log aggregation so it's not exactly the most urgent request.
The packages installed - maybe not immediately useful but I imagine if this is collected in Fleet, then another future use case would be to show packages that are missing security updates.
👍 1
n

Noah Talerman

12/15/2020, 6:10 PM
That can be useful when trying to figure out “is X service / host reporting? How many of X service hosts are reporting, etc” in fleet.
Would displaying the extra metadata on a Host details page achieve these goals with something like XX,XXX hosts reporting? I’m curious if including the extra metadata on each individual Hosts detail pages alone would achieve these goals. Or if a way to search/sort hosts (by owner, service name, etc.) in the UI is also necessary.
n

nyanshak

12/15/2020, 6:35 PM
It's mostly about correlation of data. Okay, an individual host page doesn't need to solve "how many of this host". But if I can say "oh this is a prod foo-service host", then I can go look for more of those. I definitely think there's a lot that could be done on the search front to make this better.
But you can kind of work around it a bit with labels, thought it's not really perfect... Example: prod and foo-service are distinct labels, but I should be able to find the intersection of those labels, which maybe could be done in search.
There's different paths that I might take... 1. Someone might say "hey look at X host". While looking at that host, viewing tags / other metadata for that host could help find other similar hosts. 2. OR maybe I am looking at an aggregation and I click through to an individual host, but I want to keep context (metadata) on the individual host page in case I have multiple tabs open.
👍 1
And again, for me these are nice-to-have. I mostly use the API through fleetctl and the logs generated from osquery in our log aggregator.
👍 1
If these existed in fleet, I might actually use Fleet's UI more though instead.
👍 1
n

Noah Talerman

12/15/2020, 9:47 PM
It’s mostly about correlation of data.
This detail is super helpful for my understanding. And thank you for the different paths explanation.
My working understanding of the benefits you’re explaining: Revealing host metadata in the UI (via decorators or something else) would allow for quick visual identification, comparison, or aggregation of hosts. This is helpful for further investigation when someones noticed a detail about a particular host or set of hosts (change, vulnerable package, etc.).
n

nyanshak

12/15/2020, 9:48 PM
nods
👌 1
m

mikermcneil

12/17/2020, 8:25 PM
Thanks everyone. This on our list for Jan.
3 Views