Hi, API question here ... I'm experimenting with the API to allow some other tools to ingest the data that comes from some basic queries . Now I am able to use the api to return query information on host-id 1,2 ,5,7 . but how to I do this for all hosts in the inventory

hi there, you could list all hosts, depends what information you want to get. You might need to get it one by one

Hi @Marc Roelofs, if you want to run a live query on all hosts, you can first look up the

id

the all hosts label using

GET /api/v1/fleet/labels

endpoint. In the results, you should find an entry that looks something like this:

{
  "labels": [
    {
      "created_at": "2022-02-14T15:58:54Z",
      "updated_at": "2022-02-14T15:58:54Z",
      "id": 6,
      "name": "All Hosts",
      "description": "All hosts which have enrolled in Fleet",
      "query": "select 1;",
      "platform": "",
      "label_type": "builtin",
      "label_membership_type": "dynamic",
      "host_count": 2010,
      "display_text": "All Hosts",
      "count": 2010,
      "host_ids": null
    },

The

id

might be different in your instance so I recommend confirming just to be sure. Then you can plug that into the body of your prior request to the

POST /api/v1/fleet/queries/run

endpoint, something like this:

{
    query: "SELECT * FROM osquery_info;",
    query_id: 60,
    selected: {
      hosts: [],
      labels: [6],
      teams: []
    },
}

You can also target subsets of hosts using the other builtin labels or set up your own custom labels.

Hi @Sarah Gillespie thanks for this , I'll give it a try (new to API connectivity, but it looks very powerful)