Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

#14415 API design: Per-host query report endpoint #14805

Merged
merged 9 commits into from
Dec 15, 2023
Merged

#14415 API design: Per-host query report endpoint #14805

Changes from 6 commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
d5fcda9
Update rest-api.md
rachaelshaw Oct 30, 2023
6c638fe
Update rest-api.md
rachaelshaw Nov 28, 2023
2aa3cb5
Move per-host query report into its own API endpoint
rachaelshaw Nov 29, 2023
e5b1e61
Update docs/REST API/rest-api.md
rachaelshaw Nov 29, 2023
3df8b6c
Update docs/REST API/rest-api.md
rachaelshaw Nov 30, 2023
5af090f
Update docs/REST API/rest-api.md
rachaelshaw Nov 30, 2023
dcd3c1b
Update docs/REST API/rest-api.md
rachaelshaw Dec 8, 2023
1e38924
Update docs/REST API/rest-api.md
rachaelshaw Dec 8, 2023
c373f1e
Merge branch 'main' into 14415-rest-api-proposal
rachaelshaw Dec 8, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
73 changes: 70 additions & 3 deletions docs/REST API/rest-api.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5491,6 +5491,7 @@ Either `query` or `query_id` must be provided.
- [List queries](#list-queries)
- [Get query](#get-query)
- [Get query report](#get-query-report)
- [Get query report for one host](#get-query-report-for-one-host)
- [Create query](#create-query)
- [Modify query](#modify-query)
- [Delete query by name](#delete-query-by-name)
Expand Down Expand Up @@ -5676,9 +5677,9 @@ Returns the query report specified by ID.

#### Parameters

| Name | Type | In | Description |
| ---- | ------- | ---- | ------------------------------------------ |
| id | integer | path | **Required**. The ID of the desired query. |
| Name | Type | In | Description |
| --------- | ------- | ----- | ------------------------------------------ |
| id | integer | path | **Required**. The ID of the desired query. |

mostlikelee marked this conversation as resolved.
Show resolved Hide resolved
#### Example

mostlikelee marked this conversation as resolved.
Show resolved Hide resolved
Expand Down Expand Up @@ -5752,6 +5753,72 @@ If a query has no results stored, then `results` will be an empty array:

> Note: osquery scheduled queries do not return errors, so only non-error results are included in the report. If you suspect a query may be running into errors, you can use the [live query](#run-live-query) endpoint to get diagnostics.

### Get query report for one host

Returns a query report for a single host.

`GET /api/v1/fleet/hosts/{id}/queries/{query_id}`
rachaelshaw marked this conversation as resolved.
Show resolved Hide resolved

#### Parameters

| Name | Type | In | Description |
| --------- | ------- | ----- | ------------------------------------------ |
| id | integer | path | **Required**. The ID of the desired host. |
| query_id | integer | path | **Required**. The ID of the desired query. |

#### Example

`GET /api/v1/fleet/hosts/123/queries/31`

##### Default response

`Status: 200`

```json
{
"query_id": 31,
"host_id": 1,
"host_name": "foo",
"last_fetched": "2021-01-19T17:08:31Z",
"report_clipped": false,
"results": [
{
"columns": {
"model": "USB 2.0 Hub",
"vendor": "VIA Labs, Inc."
}
},
{
"columns": {
"model": "USB Keyboard",
"vendor": "VIA Labs, Inc."
}
},
{
"columns": {
"model": "USB Reciever",
"vendor": "Logitech"
}
}
]
}
```

If a query has no results stored for the specified host, then `results` will be an empty array:

```json
{
"query_id": 31,
rachaelshaw marked this conversation as resolved.
Show resolved Hide resolved
"host_id": 1,
"host_name": "foo",
"last_fetched": "2021-01-19T17:08:31Z",
"report_clipped": false,
"results": []
}
rachaelshaw marked this conversation as resolved.
Show resolved Hide resolved
```

> Note: osquery scheduled queries do not return errors, so only non-error results are included in the report. If you suspect a query may be running into errors, you can use the [live query](#run-live-query) endpoint to get diagnostics.

### Create query

Creates a global query or team query.
Expand Down
Loading