Fleet documentation
Welcome to the documentation for Fleet, the lightweight management platform for laptops and servers.
Can't find what you're looking for? Support
{{page.title}}
{{thisPage.title}}
-
{{page.title}}
- {{subpage.title}}
{{sectionName}}
Fleet UI
Fleet UI
Create a query
Queries in Fleet allow you to ask a multitude of questions to help you manage, monitor, and identify threats on your devices.
If you're unsure of what to ask, head to Fleet's query library. There you'll find common queries that have been tested by members of our community.
How to create a query:
In the top navigation, select Queries.
Select Create new query to navigate to the query console.
In the Query field, enter your query. Remember, you can find common queries in Fleet's library.
Select Save, enter a name and description for your query, select the frequency that the query should run at, and select Save query.
Run a query
Run a live query to get answers for all of your online hosts.
Offline hosts won’t respond to a live query because they may be shut down, asleep, or not connected to the internet.
How to run a query:
In the top navigation, select Queries.
In the Queries table, find the query you'd like to run and select the query's name to navigate to the query console.
Select Run query to navigate to the target picker. Select All hosts and select Run. This will run the query against all your hosts.
The query may take several seconds to complete because Fleet has to wait for the hosts to respond with results.
Fleet's query response time is inherently variable because of osquery's heartbeat response time. This helps prevent performance issues on hosts.
Schedule a query
In Fleet 4.35.0, the "Schedule" page was removed, and query automations are now configured on the "Queries" page. Instructions for scheduling queries in earlier versions of Fleet can be found here.
Fleet allows you to schedule queries to run at a set frequency. Scheduled queries will send data to Fleet and/or your log destination automatically.
By default, queries that run on a schedule will only target platforms compatible with that query. This behavior can be overridden by setting the platforms in Advanced options when saving a query.
How to send data to your log destination:
Only users with the admin role can manage query automations.
In the top navigation, select Queries.
Select Manage automations.
Check the box next to the queries you want to send data to your log destination, and select Save. (The frequency that queries run at is set when a query is created.)
Note: When viewing a specific team in Fleet Premium, only queries that belong to the selected team will be listed. When configuring query automations for all hosts, only global queries will be listed.
Update agent options
This content was relocated on 31st August 2023.
See "Agent configuration" to learn how to simultaneously update agent options from the Fleet UI or fleetctl command line tool.
Need more help?
Ask the community on Slack
Did we miss anything?
If you notice something we've missed or could be improved on, please follow this link and submit a pull request to the Fleet repo.
Back to top
SOC2 Type 2 certified
