👋 Is there any way in Fleet to query only the “ONLINE” hosts? I cant seem to find it neither the concept of ONLINE seems to be something I can replicate with a label. Thanks for the help

If you run a live query targeted at All Hosts you will only get responses from hosts that are online. Does that achieve what you want?

I guess so Zach, just wonder if there were any way to only target the online ones. We have around 1200 online and also a high number of offline ones, when running the adhoc query, the bar process does not make much sense targeting all of of them and at the end getting stuck when reaches the end of online ones so we have to stop the query running.

Is this in the web UI or fleetctl?

I've noticed that with offline hosts in the UI search as well

@Dan Achin is your issue that we don't prioritize online hosts in the live query selector?

@zwass this is using the UI for adhoc, but yeah we are also expanding on the usage of fleetctl. Just wanted to pass along the feedback that ideally having a concept of online hosts as part of a tag we can target might not be a bad idea

@zwass, we don't have an issue per se. I was just confirming that I'd seen what Alejandro was describing with ah-hoc queries from the UI. I don't think it's going to affect us too much as we'll be scheduling as much as we can since ad-hoc queries aren't logged, and we rely on reviewing the results of our queries in our Splunk env. Also, if we do run ah-hoc queries, I'm guessing we'll use fleetctl more than the UI.