Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

image.png

Hi, API question here ... I'm experimenting with the API to allow some other tools to ingest the data that comes from some basic queries . Now I am able to use the api to return query information on host-id 1,2 ,5,7 . but how to I do this for all hosts in the inventory

hi there, you could list all hosts, depends what information you want to get. You might need to get it one by one

Hi <@U02L63DU4P5>, if you want to run a live query on all hosts, you can first look up the `id` the all hosts label using `GET /api/v1/fleet/labels` endpoint. In the results, you should find an entry that looks something like this:
```{
  "labels": [
    {
      "created_at": "2022-02-14T15:58:54Z",
      "updated_at": "2022-02-14T15:58:54Z",
      "id": 6,
      "name": "All Hosts",
      "description": "All hosts which have enrolled in Fleet",
      "query": "select 1;",
      "platform": "",
      "label_type": "builtin",
      "label_membership_type": "dynamic",
      "host_count": 2010,
      "display_text": "All Hosts",
      "count": 2010,
      "host_ids": null
    },```
The `id` might be different in your instance so I recommend confirming just to be sure.
Then you can plug that into the body of your prior request to the `POST /api/v1/fleet/queries/run` endpoint, something like this:
```{
    query: "SELECT * FROM osquery_info;",
    query_id: 60,
    selected: {
      hosts: [],
      labels: [6],
      teams: []
    },
}```
You can also target subsets of hosts using the other builtin labels or set up your own custom labels.

Ah I see that you were using the `/GET` endpoint. The `/POST` endpoint works with a websocket connection so it may not be a fit for your use case.

Hi <@U0254KT09CJ> thanks for this , I'll give it a try (new to API connectivity, but it looks very powerful)