NOTE: You are looking at documentation for an older release. For the latest information, see the current release documentation.
Osquery fields
Fields exported by the osquery module
osquery fields
result fields
Common fields exported by the result metricset.
osquery.result.name
type: keyword
The name of the query that generated this event.

osquery.result.action
type: keyword
For differential (incremental) results, marks whether the row was added or removed since the previous run of the query; for snapshot queries the value is "snapshot". It can be one of "added", "removed", or "snapshot".

osquery.result.host_identifier
type: keyword
The identifier for the host on which the osquery agent is running. Normally the hostname, although osquery can be configured (via its --host_identifier flag) to report a UUID or another identifier instead, so do not assume the value is a resolvable hostname.

osquery.result.unix_time
type: long
Unix timestamp of the event, in seconds since the epoch. Used for computing the @timestamp field.

osquery.result.calendar_time
String representation of the collection time, as formatted by osquery.
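The following is an added example, not code from the Filebeat osquery module: it parses osquery results.log lines and emits one event per row carrying the fields documented above, computing @timestamp from unixTime. It covers the three record shapes osquery writes: event-format differential rows (one row per line with an "action"), snapshot records (a "snapshot" array), and batch-format differential records (a "diffResults" object with "added" and "removed" arrays, written when osquery runs with --logger_event_type=false). The sample log lines are constructed for illustration; the "columns" key holding each row's data is an illustrative name, since this page documents only the common fields.

```python
"""Added example: map osquery results.log records onto the osquery.result.*
fields documented above. Not part of the Filebeat module."""
import json
from datetime import datetime, timezone

# Constructed sample lines: two event-format differential rows, one snapshot
# record, and one batch-format differential record.
SAMPLE_LOG = r'''
{"name":"pack_incident-response_listening_ports","hostIdentifier":"web-01","calendarTime":"Tue Jan  1 00:00:00 2019 UTC","unixTime":1546300800,"epoch":0,"counter":3,"columns":{"pid":"4242","port":"4444","protocol":"6"},"action":"added"}
{"name":"pack_incident-response_listening_ports","hostIdentifier":"web-01","calendarTime":"Tue Jan  1 00:05:00 2019 UTC","unixTime":1546301100,"epoch":0,"counter":4,"columns":{"pid":"4242","port":"4444","protocol":"6"},"action":"removed"}
{"name":"users_snapshot","hostIdentifier":"web-01","calendarTime":"Tue Jan  1 00:10:00 2019 UTC","unixTime":1546301400,"epoch":0,"counter":0,"snapshot":[{"uid":"0","username":"root"},{"uid":"1000","username":"deploy"}],"action":"snapshot"}
{"name":"kernel_modules","hostIdentifier":"web-01","calendarTime":"Tue Jan  1 00:15:00 2019 UTC","unixTime":1546301700,"epoch":0,"counter":1,"diffResults":{"added":[{"name":"evil_mod"}],"removed":[]}}
'''

VALID_ACTIONS = ("added", "removed", "snapshot")


def _event(rec, action, columns):
    """Build one event with the documented osquery.result.* fields.

    @timestamp is derived from unixTime (seconds since the epoch, UTC).
    "columns" is an illustrative key for the row data; it is not one of the
    common fields documented on this page.
    """
    unix_time = int(rec["unixTime"])
    return {
        "@timestamp": datetime.fromtimestamp(unix_time, tz=timezone.utc).isoformat(),
        "osquery.result.name": rec["name"],
        "osquery.result.action": action,
        "osquery.result.host_identifier": rec["hostIdentifier"],
        "osquery.result.unix_time": unix_time,
        "osquery.result.calendar_time": rec["calendarTime"],
        "columns": columns,
    }


def parse_line(line):
    """Return the list of events for one results.log line."""
    rec = json.loads(line)
    if "snapshot" in rec:
        # Snapshot queries report the whole result set every run; every row
        # gets action "snapshot", never "added" or "removed".
        return [_event(rec, "snapshot", row) for row in rec["snapshot"]]
    if "diffResults" in rec:
        # Batch format: one record carries all rows added and removed since
        # the previous run.
        events = []
        for action in ("added", "removed"):
            for row in rec["diffResults"].get(action, []):
                events.append(_event(rec, action, row))
        return events
    action = rec.get("action")
    if action not in VALID_ACTIONS:
        raise ValueError(f"unrecognised osquery result record: {line[:80]}")
    # Event format: one differential row per line.
    return [_event(rec, action, rec.get("columns", {}))]


def parse_log(text):
    """Parse a whole results.log, skipping blank lines."""
    events = []
    for line in text.splitlines():
        if line.strip():
            events.extend(parse_line(line))
    return events


if __name__ == "__main__":
    for ev in parse_log(SAMPLE_LOG):
        print(json.dumps(ev))
```

Note that a "removed" row for a differential query is often the interesting one for detection (a listening port that disappeared, a kernel module unloaded), while a snapshot query never produces "removed" rows at all, so a rule keyed on osquery.result.action must account for how each query is scheduled.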