From 4c639a9dc7fcb93f50af109ab5a770a6c1de5dd8 Mon Sep 17 00:00:00 2001 From: Rachael Shaw Date: Thu, 9 Nov 2023 18:38:13 -0800 Subject: [PATCH] Docs: Using Fleet > Fleet UI changes for #7766 (#14977) + Updated content about scheduling a query to reference saving query results in Fleet (re: #7766). + Cut/combined content about managing automations. --- docs/Using Fleet/Fleet-UI.md | 32 ++++++-------------------------- 1 file changed, 6 insertions(+), 26 deletions(-) diff --git a/docs/Using Fleet/Fleet-UI.md b/docs/Using Fleet/Fleet-UI.md index da80b0342d..8780c3475d 100644 --- a/docs/Using Fleet/Fleet-UI.md +++ b/docs/Using Fleet/Fleet-UI.md 
@@ -46,41 +46,21 @@ The query may take several seconds to complete because Fleet has to wait for the *In Fleet 4.35.0, the "Schedule" page was removed, and query automations are now configured on the "Queries" page. Instructions for scheduling queries in earlier versions of Fleet can be found [here](https://github.com/fleetdm/fleet/blob/ac797c8f81ede770853c25fd04102da9f5e109bf/docs/Using-Fleet/Fleet-UI.md#schedule-a-query).* ->Only users with the [admin role](https://fleetdm.com/docs/using-fleet/manage-access#admin) can manage query automations. +Fleet allows you to schedule queries to run at a set frequency. Scheduled queries will send data to Fleet and/or your [log destination](https://fleetdm.com/docs/using-fleet/log-destinations) automatically. -Fleet allows you to schedule queries to run at a set frequency. Scheduled queries will send data to your log destination automatically. +By default, queries that run on a schedule will only target platforms compatible with that query. This behavior can be overridden by setting the platforms in **Advanced options** when saving a query. -The default log destination, **filesystem**, is good to start. With this set, data is sent to the `/var/log/osquery/osqueryd.snapshots.log` file on each host’s filesystem. To see which log destinations are available in Fleet, head to the [log destinations page](https://fleetdm.com/docs/using-fleet/log-destinations). +**How to send data to your log destination:** -By default, queries that run on a schedule will only target platforms compatible with that query. This behavior can be overridden by setting the platforms in "advanced options" when saving a query. - -**How to schedule queries:** +*Only users with the [admin role](https://fleetdm.com/docs/using-fleet/manage-access#admin) can manage query automations.* 1. In the top navigation, select **Queries**. 2. Select **Manage automations**. -3. Check the box next to the queries you want to automate, and select **Save**. +3. 
Check the box next to the queries you want to send data to your log destination, and select **Save**. (The frequency that queries run at is set when a query is created.) -> The frequency that queries run at is set when a query is created. - -With Fleet Premium, you can schedule queries for groups of hosts using [the teams feature](https://fleetdm.com/docs/using-fleet/segment-hosts). This allows you to collect different data for each group. - -> In Fleet Premium, groups of hosts are called "teams." - -**How to use teams to schedule queries for a group of hosts:** - -1. If you haven't already, first [create a team](https://fleetdm.com/docs/using-fleet/segment-hosts#create-a-team) and [transfer hosts](https://fleetdm.com/docs/using-fleet/segment-hosts#transfer-hosts-to-a-team) to the team. - -2. In the top navigation, select **Queries**. - -3. In the **Teams** dropdown below the top navigation, select the team you want to manage automation for. - -4. Select **Manage automations** - -5. Select the queries you want to run on a schedule for this team, and select **Save**. - - > Note: Only queries that belong to the selected team will be listed. When configuring query automations for all hosts, only global queries will be listed. +> Note: When viewing a specific [team](https://fleetdm.com/docs/using-fleet/segment-hosts) in Fleet Premium, only queries that belong to the selected team will be listed. When configuring query automations for all hosts, only global queries will be listed. ## Update agent options
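Review bot: The added intro line "Scheduled queries will send data to Fleet and/or your [log destination] ... automatically" does not match step 3 of the procedure under it, which has an admin check a box under **Manage automations** for each query whose data should go to the log destination. As worded, a reader cannot tell which path is automatic and which needs the checkbox. Suggest stating separately what is saved in Fleet and what is sent to the log destination, and that the latter applies to the queries selected in step 3. The removed team procedure also took with it the step "In the **Teams** dropdown below the top navigation, select the team you want to manage automation for", while the new closing note still depends on "viewing a specific team". Consider keeping that one step, or naming the dropdown in the note, so the scope of the automation (one team or all hosts) is clear before **Save**. Finally, the deleted paragraph was the only place in this section that named the default **filesystem** destination and `/var/log/osquery/osqueryd.snapshots.log`. Please confirm the linked log destinations page carries that detail, since it tells operators where query output lands on each host.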