# fleet

Edward

04/29/2021, 10:28 PM
can I use the fleet api to fetch results from a scheduled query pack? where can I find documentation on this?

zwass

04/30/2021, 12:02 AM
You cannot. Scheduled query results are logged to whatever logging plugin you have configured and are not stored in the Fleet DB.

Edward

05/03/2021, 3:21 AM
is this something that may become available in the future? Like in a roadmap?

zwass

05/03/2021, 5:26 PM
Depends on what exactly you are looking to achieve. You can store some query results along with a host currently (see https://github.com/fleetdm/fleet/blob/master/docs/1-Using-Fleet/2-fleetctl-CLI.md#fleet-configuration-options). We do not have anything on the roadmap that could compete with Splunk/Elastic as far as storing large amounts of historical data.

Noah Talerman

05/04/2021, 6:16 PM
Hi @Edward. When you thought of potentially using the Fleet API to fetch results from a scheduled query pack, what kind of host data were you trying to retrieve?

Edward

05/05/2021, 2:42 PM
like os name, version, installed application, kernel version

Noah Talerman

05/05/2021, 3:01 PM
Got it. Each host’s os name and os version are available using the `api/v1/fleet/hosts` endpoint. See the API documentation for this endpoint here: https://github.com/fleetdm/fleet/blob/9fb9da31f5462fa7dda4819a114bbdbc0252c347/docs/1-Using-Fleet/3-REST-API.md#list-hosts
Viewing each host’s installed software (I’m assuming this is what you mean by application) was released behind a feature flag in Fleet 3.11.0 and called Software inventory. See the feature flag documentation for instructions on turning on Software inventory in Fleet: https://github.com/fleetdm/fleet/blob/9fb9da31f5462fa7dda4819a114bbdbc0252c347/docs/3-Deployment/2-Configuration.md#feature-flags
Once the Software inventory feature is turned on, a list of a specific host’s installed software is available using the `api/v1/fleet/hosts/{id}` endpoint. See the documentation on this endpoint here: https://github.com/fleetdm/fleet/blob/9fb9da31f5462fa7dda4819a114bbdbc0252c347/docs/1-Using-Fleet/3-REST-API.md#get-host
On kernel version: It’s now possible in Fleet to retrieve each host’s kernel version, using the Fleet API, through `additional_queries`. The Fleet configuration options yaml file includes an `additional_queries` property that allows you to append custom query results to the host details returned by the `api/v1/fleet/hosts` endpoint. See an example configuration file with the `additional_queries` field here: https://github.com/fleetdm/fleet/blob/9fb9da31f5462fa7dda4819a114bbdbc0252c347/docs/1-Using-Fleet/2-fleetctl-CLI.md#fleet-configuration-options

Edward

05/06/2021, 10:31 PM
what's the API URL? I see api paths like:
GET /api/v1/fleet/hosts
but don't I also need the api url? Also where can I find the api key?
I apologize if this is documented somewhere, I wasn't able to find it

Noah Talerman

05/06/2021, 10:40 PM
> don’t I also need the api url?
Correct! The API URL is dependent on your Fleet web address. For example, if your Fleet web address is https://fleet.acme.org (this is how you would access the Fleet UI) then your API URL will be https://fleet.acme.org/api/v1/fleet/hosts.
> Also where can I find the api key?
You can find your API key using the Fleet UI. Select the avatar in the far right of the top navigation and then select “My account” from the dropdown menu. On the My account page, select the “Get API token” in the right side bar.

Edward

05/09/2021, 6:25 PM
so I ran a curl command:
```
curl -H "Authorization: Bearer MY_API_TOKEN_FROM_FLEET_UI_HERE" -X GET 'https://my_fleet_url/api/v1/fleet/hosts'
```
but I got the response:
```
{
  "message": "you are not allowed to access this endpoint",
  "error": true,
  "version": "1.0.2",
  "code": "4310"
}
```
what could be wrong here?
hmm, it could be because my my_fleet_url is deployed in prod and may not be reachable from my laptop

zwass

05/10/2021, 3:01 PM
Yeah, that doesn't look like an error from Fleet.