Adam Connor

07/07/2022, 1:39 AM
Hi All, I’m exploring the API and have it running in Postman. All of the queries report exactly as described in the docs, except ‘List Queries’, i.e.
GET /api/v1/fleet/queries
I’m actually receiving this response-
{
  "queries": []
}
I’m not sure how to troubleshoot this, any hints please?

Benjamin Edwards

07/07/2022, 1:55 AM
Hey Adam, are you using our Postman collection? Or building your own? Do you have any queries?

Adam Connor

07/07/2022, 1:56 AM
using the imported collection from Fleet
ah good question - I thought I did have queries!
yes I do have the standard query pack and I’ve made a few new ones- so I should be able to ‘find by query ID’ let me try that
that does work. Perhaps I’ve just misunderstood the intent here, I’ll re-read the docs

Benjamin Edwards

07/07/2022, 3:17 AM
Hmm let me try
curl --location --request GET 'https://<host>/api/v1/fleet/queries' \
--header 'Authorization: Bearer <token>'
this is definitely returning queries for me
ah is your user's role observer?

Adam Connor

07/07/2022, 3:22 AM
yes, observer

Benjamin Edwards

07/07/2022, 3:22 AM
queries that Observers can run are returned

Adam Connor

07/07/2022, 3:22 AM
ah, got it- thanks so much for your help!

Benjamin Edwards

07/07/2022, 3:23 AM
no problem
if you hit that API as an admin you'd get back the full list

Adam Connor

07/07/2022, 3:24 AM
fantastic, that was the only odd thing I found, permissions issue makes sense. Now I’m off to figure out how to give my analytics software access to the DB safely!