Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Device management + MDM Orchestration + monitoring Software management + CVEs, usage, app library Integrations
Get started Built-in checks Raw data App library Tutorials & guides API SUPPORT Chat Contribute Release notes "Why is Fleet on my computer?" Get your license
Stories
What people are saying News Ask around Take a tour COMPANY Origins   (Fleet & osquery) The handbook Logos/artwork Why open source?
Pricing Try it yourself
{{thisPage.meta.articleTitle}}
search

Import and export queries in Fleet

{{articleSubtitle}}

| The author's GitHub profile picture

Noah Talerman

Share this article on Hacker News Share this article on LinkedIn Share this article on Twitter
Docs Docs REST API REST API Guides Guides Talk to an engineer Talk to an engineer

Import and export queries in Fleet

{{articleSubtitle}}

| The author's GitHub profile picture

Noah Talerman

Import and export queries in Fleet

Import and export queries in Fleet

When managing multiple Fleet instances, you may want to move queries from one instance to another. Or, when inspired by queries shared by a member of the osquery community, you might want to import these queries into your Fleet instance. To do this, you need to have access to a Unix shell and the fleetctl CLI tool.

Below are two example scenarios.

Example scenario 1: Moving queries from one Fleet instance to another

Let’s say you use Fleet at work and you also have a Fleet instance in your lab at home. You were testing some queries at home and you want to share these queries with your team at work.

How to export and import queries:

  1. In your home lab, run the fleetctl login command to log in to Fleet.

  2. Run the following command to export your queries into a queries.yml file:

fleetctl get queries --yaml > queries.yml

An icon indicating that this section has important information

queries.yml will be created in your current working directory.

  1. Upload your queries.yml file to GitHub so that you can download this file onto your work computer.

  2. At work, with queries.yml downloaded in your current working directory, run the following command to import your queries:

fleetctl apply -f queries.yml

Example scenario 2: Importing community queries into Fleet

You just found a collection of awesome queries for Fleet and you want to import them into your Fleet instance.

How to import queries:

  1. Create a new file, palantir-queries.yml, and paste in the desired queries in the correct Fleet configuration format.
  2. Run the command fleetctl apply -f awesome-queries.yml.

Could this post be more helpful?

Let us know if you can think of any other example scenarios you’d like us to cover.