Activity Logs

Description

The FleetDM Activity Logs input component collects activity log data from a FleetDM instance via its API. It tracks various activities like team creation, live queries, saved query management, and software installation events. The component maintains state to track the last processed activity and supports incremental data collection with configurable sync frequencies. This input is compatible with both self-hosted and cloud FleetDM deployments.

Prerequisites

A FleetDM instance (self-hosted or cloud)
FleetDM API key with permissions to access activity logs
Network access to your FleetDM instance URL
FleetDM version compatibility: All versions with activity logs API support

Configuration Options

Settings

Setting	Type	Required	Description
fleet_url	string	Yes	URL of your FleetDM instance
sync_frequency	integer	Yes	Frequency in seconds to sync activities (60-3600). Default: 60

Secrets

Secret	Type	Required	Description
api_key	string	Yes	API Key for authenticating with the FleetDM API

Example Configuration

{
  "settings": {
    "fleet_url": "https://your-fleet-instance.com",
    "sync_frequency": 60
  },
  "secrets": {
    "api_key": "your-api-key-here"
  }
}

Functionality

The component processes activity logs using the following workflow:

Connects to FleetDM API using provided credentials
Fetches activities in paginated batches (1000 per page)
Tracks last processed activity ID to ensure incremental collection
Sends activities to the pipeline for processing
Updates state after each successful activity processing

Limitations

Maximum page size of 1000 activities per request
Sync frequency must be between 60 and 3600 seconds
Activities are processed in ascending order by ID
Requires valid FleetDM API access

Troubleshooting

Common error scenarios and resolutions:

Connection Issues

Error: "unexpected status code"
Resolution: Verify fleet_url is correct and API key has proper permissions

Configuration Issues

Error: "Fleet URL is required"
Resolution: Ensure fleet_url is provided in settings
Error: "API Key is required"
Resolution: Ensure api_key is provided in secrets
Error: "Invalid sync frequency"
Resolution: Set sync_frequency between 60 and 3600 seconds

API Reference

The component uses the following FleetDM API endpoint:

GET /api/v1/fleet/activities

Parameters:

page: Page number for pagination
per_page: Number of activities per page (max 1000)
order_key: Field to order by (default: id)
order_direction: Sort direction (default: asc)

Sample Record

{
  "created_at": "2025-08-11T23:46:46.332045Z",
  "id": 616,
  "actor_full_name": "Sarah Miller",
  "actor_id": 36,
  "actor_gravatar": "",
  "actor_email": "",
  "type": "live_query",
  "details": {
    "host_id": 562,
    "host_display_name": "Alice Williams's MacBook Pro",
    "software_title": "Chrome.app",
    "script_execution_id": "a9d7bddd-c51e-7b64-3131-e550a2b5fe23",
    "status": "failed_install"
  }
}

Description​

Prerequisites​

Configuration Options​

Settings​

Secrets​

Example Configuration​

Functionality​

Limitations​

Troubleshooting​

API Reference​

Related Resources​

Sample Record​