GET /api/osquery/live_queries/{id}

Spaces method and path for this operation:

GET /s/{space_id}/api/osquery/live_queries/{id}

Refer to Spaces for more information.

Get the details of a live query using the query ID.

Path parameters

  • id string Required

    The ID of the live query.

Responses

  • 200 application/json

    Indicates a successful call.

    • data object
      • @timestamp string(date-time)
      • action_id string
      • agents array[string]
      • expiration string(date-time)
      • pack_id string
      • pack_name string
      • prebuilt_pack boolean
      • queries array[object]

        The queries with their execution status.

        • action_id string
        • agents array[string]
        • docs integer

          Number of result documents.

        • ecs_mapping object

          Map osquery result columns or static values to Elastic Common Schema (ECS) fields.

          • * object Additional properties
        • failed integer

          Number of failed queries.

        • id string
        • pending integer

          Number of pending agents.

        • query string
        • responded integer

          Total responded agents.

        • saved_query_id string
        • status string

          Status of this individual query.

          Values are completed or running.

        • successful integer

          Number of successful agents.

      • status string

        Global status of the live query (completed, running).

        Values are completed or running.

      • tags array[string]
      • user_id string
      • user_profile_uid string
GET /api/osquery/live_queries/{id}
curl \
 --request GET 'https://<KIBANA_URL>/api/osquery/live_queries/3c42c847-eb30-4452-80e0-728584042334' \
 --header "Authorization: $API_KEY"
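
The following is an added example, not part of the original reference or of Elastic's own code: it reads the documented response and reports, per query, whether every targeted agent has answered, so that an empty result set is not mistaken for a clean one while agents are still pending or have failed. The function names, the "conclusive" flag and the sample values are assumptions made for illustration; the Authorization value is passed through unchanged, as in the curl example above.

```python
import json
import urllib.request
from urllib.parse import quote

def fetch_live_query(kibana_url, query_id, authorization):
    """GET the live query details; `authorization` is the full header value."""
    url = f"{kibana_url.rstrip('/')}/api/osquery/live_queries/{quote(query_id, safe='')}"
    req = urllib.request.Request(url, headers={"Authorization": authorization})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def summarize_live_query(body):
    """Per-query coverage: did every targeted agent answer, and did any fail?"""
    data = body["data"]
    rows = []
    for q in data.get("queries", []):
        targeted = len(q.get("agents") or data.get("agents") or [])
        pending, failed = q.get("pending", 0), q.get("failed", 0)
        rows.append({
            "id": q.get("id"),
            "status": q.get("status"),
            "targeted": targeted,
            "responded": q.get("responded", 0),
            "failed": failed,
            "pending": pending,
            "docs": q.get("docs", 0),
            # An empty result set only means "nothing found" once the query
            # has completed with no agent outstanding and none failed.
            "conclusive": q.get("status") == "completed" and pending == 0 and failed == 0,
        })
    return {
        "action_id": data.get("action_id"),
        "status": data.get("status"),
        "conclusive": data.get("status") == "completed" and all(r["conclusive"] for r in rows),
        "queries": rows,
    }

# Constructed sample in the documented response shape; every value is made up.
SAMPLE = {"data": {
    "action_id": "sample-action", "status": "running",
    "agents": ["agent-a", "agent-b", "agent-c"],
    "queries": [
        {"id": "q1", "query": "select * from uptime;", "status": "completed",
         "agents": ["agent-a", "agent-b", "agent-c"],
         "responded": 3, "successful": 3, "failed": 0, "pending": 0, "docs": 3},
        {"id": "q2", "query": "select * from listening_ports;", "status": "running",
         "agents": ["agent-a", "agent-b", "agent-c"],
         "responded": 2, "successful": 1, "failed": 1, "pending": 1, "docs": 14},
    ]}}

if __name__ == "__main__":
    print(json.dumps(summarize_live_query(SAMPLE), indent=2))
```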