Contents

Changelog

New: Run Live Queries Continuously

March 31st, 2020

Ever write a useful Live Query and wish you could run it continuously to keep the results up-to-date? With the newly released Continuous Live Query option, you can now run those queries on a scheduled interval so you can always have the latest data.

About Live Query

When we launched Live Query last November, it introduced a way for you and your team to quickly run osquery SQL on all the devices in your fleet, and receive an instantaneous response from online devices.

When we launched the feature though, it contained two major limitations:

  1. You could only target specific devices in your fleet
  2. The query would only run once on the devices you targeted

With this update, both of these limitations are eliminated, and Live Query is now a much more powerful tool for regularly collecting device data your organization cares about.

New Target Selector

When you run queries continuously, it is very important to be able to select devices by their platform so that newly enrolled devices will be targeted by the query in future runs.

In anticipation of Continuous Live Query, we have rebuilt the target selector to now make this group selection possible.

#

Running Queries Continuously

To run write a query that will run continuously, simply write a new query and press Save/Run. Once you are happy the query returns the data you are looking for, you can click the “Draft” button, and in the modal that appears, select Published under visibility options. This should reveal an option where you can choose the desired continuous interval you would like to run the query.

# Additional Published Query Protection

When you publish a Live Query, you allow others on your team to see it. Unfortunately, even well-meaning team members may not realize that when they modify that query, they may be erasing/modifying important information that others rely on.

To help mitigate this, users will now notice the Save & Run button turns orange when either the SQL or targets are modified.

If they click the orange Save & Run button, they will now be presented with a helpful dialog that gives them a number of options that clarifies their intent.

#

Feedback/Questions?

These changes represent just a small portions of the plans we have for improving Live Query this year.

We hope you find these improvements useful, and we welcome any feedback or suggestions on how we can make them even better.

Share this story:

More articles you
might enjoy:

Changelog
Inventory and Live Query Performance Improvements
Kolide
Changelog
Introducing Deeper Integration With Your SSO Provider
Blaed Johnston
Changelog
New Device Inventory: TPM Chips
Jason Meller
Watch a Demo
Watch a Demo