Create a Monitoring Query

DOCUMENTATIONGUIDEIT OPERATIONSMONITORINGOPENFRAME

Phase 4 — Monitoring & Policies · Step 3

Section

June 19, 2026

Published

Vladislav Marchenko

Vladislav Marchenko

Head Of Marketing

Create a Monitoring Query

Phase 4 — Monitoring & Policies · OpenFrame Onboarding

Where a policy judges a device (pass/fail), a query just collects data from it on a schedule. Use queries for visibility — inventory, performance, configuration — when you want the information but don't need a compliance verdict. They're osquery too, so it's the same SQL, different purpose.


Before you start

  • You need an Admin role.
  • Target devices need the Fleet/osquery agent installed and online.
  • Decide your cadence up front: how often do you actually need this data refreshed? Hourly is plenty for most inventory; tighter intervals mean more frequent collection.

Create the query

  1. Go to Monitoring → Queries → Add Query.
  2. Name — what it collects, e.g. Windows Machine Summary.
  3. Frequency — a number plus a unit (e.g. Minutes, Hours). This is the schedule the query runs on — e.g. set it to run every 1 hour.
  4. Description — spell out what it gathers, e.g. Collects machine summary: hostname, CPU, memory, hardware details, OS version, and uptime for Windows devices.
  5. Query — the osquery SQL that returns the data you want. Unlike a policy, you're not writing for pass/fail — you're selecting the columns you care about. The Osquery Documentation link lists the available tables.

Scheduled vs. on-demand

  • Scheduled — the Frequency you set makes the query run automatically on that cadence, so the data stays fresh without you touching it.
  • On-demand — click Test Query to run it right now against real devices. Use this to check your SQL works (and preview the output) before you commit to a schedule.

So: Test Query to prove it out once, Frequency to keep it running.


Assign devices

In the Devices section, choose which machines the query collects from — individually, filtered by Device Tags, or Add All Devices. Same selector as policies; full detail in Assign Devices to a Monitoring Policy. Scope it to where the data is relevant (e.g. a Windows-only summary → Windows devices).


Save

Click Save Query. It appears on the Queries tab with its Frequency shown (e.g. Every 1h), and starts collecting on schedule. Each row's menu lets you manage it later.


Policy or query? A quick gut-check

  • "Tell me which machines fail a standard" → Policy (Create Your First Monitoring Check).
  • "Gather this data from these machines every hour" → Query (this guide).

You'll often use both: queries to see the lay of the land, policies to enforce the standards you care about.


Quick checklist

  • Named the query and described what it collects
  • Set a sensible Frequency
  • Wrote the osquery SQL to return the columns you want
  • Used Test Query to confirm output before scheduling
  • Scoped it to the right devices, then saved

What's next

You can now both check and collect. Next, get precise about which devices these run on — Assign Devices to a Monitoring Policy — and learn how failures surface in Understanding Alerts — Triage & Resolution.


Based on OpenFrame v0.9.19. Screens and defaults may shift between releases — when in doubt, what's in your console wins.

Vladislav Marchenko

Head Of Marketing

Hi all! My name is Vlad and I’ve been brought on to head the marketing team at Flamingo. Thankfully, this isn’t the first time I will be building a marketing department from scratch, so the experience should come in handy. Now it’s time to dive into the world of MSPs and find myself in this new world.

More in Phase 4 — Monitoring & Policies

Related Content

Product Releases

Webinars

Case Studies

Blog Posts

Frequently Asked Questions

MSP AI Agents

Yes. In production MSP shops today, 10% to 25% of tickets close before a human opens them. Thread alone has processed 173 million tickets across 750-plus MSP partners at 96% triage accuracy, handing back 490,000-plus technician hours. Agents own the low-risk, high-volume work (password resets, MFA enrollment, known installs, onboarding and offboarding) and flag anything that touches production data or needs judgment for a human to take.
On a five-person desk, reported deployments show $78,000 to $130,000 in annual direct labor savings, roughly 30% fewer escalations, and 15% to 20% better SLA compliance. Broader MSP adoption data adds ticket handling time cut by 45% and five to 12 points of margin, all from reclaimed capacity rather than headcount cuts.

AI MSP

Automate high-volume, low-risk tasks first. Ticket triage and alert noise reduction top the list because they run constantly and a human still resolves the underlying issue. Save security approvals, billing changes, and client-facing actions for later, always with a human in the loop.

About OpenFrame

OpenFrame isn't built to plug into your stack. It replaces it. Instead of duct-taping a dozen tools together (RMM, MDM, SIEM, patching, remote access, each its own login and bill), we bundle it into one unified platform: RMM, MDM, monitoring, automation, remote access, patch management, security monitoring, and ticketing, plus built-in AI copilots. So "does it integrate with X?" usually means: you won't need X anymore.

IT Documentation

Hudu is IT documentation software that MSPs and internal IT teams use to centralize client documentation, network details, encrypted passwords, IT assets, and SOP runbooks in one searchable platform, so technicians find what they need without digging through scattered files.

Zabbix for MSPs

Yes. Zabbix is open source under GPLv2 with no license fee, no per-device pricing, and no paywalled features. You can monitor unlimited hosts at zero software cost. The real expense is the infrastructure to host it and the engineering time to configure and maintain it.

Log Aggregation

Yes. Self-hosted Loki is free and open source under the AGPLv3 license, so you pay only for the infrastructure you run it on. Grafana Cloud is the paid, managed option, starting at $0.45 per GB of logs ingested with 50 GB free each month.

Prometheus Monitoring

Yes. Prometheus is open source under the Apache 2.0 license, with no seat fees, per-device pricing, or contracts. The license costs nothing, but you pay in the server hardware, storage, upgrades, and engineering hours needed to run it across client environments.

Getting Started

“What I Shipped” is your monthly highlight reel. Each month you can post the work you're proud of — a feature, a document, a deal, a fix — with a short write-up and media. It's visible to the whole team, so everyone can see the impact you're making.

Netdata Monitoring

Netdata is an open-source infrastructure monitoring platform that collects per-second metrics from servers, containers, and applications. An agent installs on each host, auto-discovers metrics, and builds real-time dashboards, while Netdata Cloud ties multiple agents together for fleet-wide visibility and alerting.