GET /api/osquery/live_queries/{id}/results/{actionId}

Spaces method and path for this operation:

GET /s/{space_id}/api/osquery/live_queries/{id}/results/{actionId}

Refer to Spaces for more information.

Get the results of a live query using the query action ID.

Path parameters

  • id string Required

    The ID of the live query.

  • actionId string Required

    The ID of the query action.

Query parameters

  • kuery string | null

    A KQL search string to filter results.

  • page integer | null

    The page number to return.

  • pageSize integer | null

    The number of results to return per page.

  • sort string | null

    The field to sort results by.

    Default value is createdAt.

  • sortOrder string

    The sort order.

    Values are asc or desc.

Responses

  • 200 application/json

    Indicates a successful call.

    • data object
      • edges array[object]

        The result rows from the query execution.

        • _id string
        • _source object

          The Elasticsearch document source containing query results.

      • total integer

        The total number of result rows.

GET /api/osquery/live_queries/{id}/results/{actionId}
curl \
 --request GET 'https://<KIBANA_URL>/api/osquery/live_queries/3c42c847-eb30-4452-80e0-728584042334/results/609c4c66-ba3d-43fa-afdd-53e244577aa0' \
 --header "Authorization: $API_KEY"
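Collecting a complete result set means combining page and pageSize with the total field of the response. The following is an added example, not part of the original reference: the function names, the max_pages guard and the injectable get_json transport are hypothetical, and starting at page 0 is an assumption the page does not state.

```python
import json
import urllib.parse
import urllib.request


def results_url(kibana_url, query_id, action_id, page, page_size,
                kuery=None, sort="createdAt", sort_order="desc", space_id=None):
    """Build the documented GET URL; IDs are percent-encoded as path segments."""
    prefix = f"/s/{urllib.parse.quote(space_id, safe='')}" if space_id else ""
    path = (f"{prefix}/api/osquery/live_queries/"
            f"{urllib.parse.quote(query_id, safe='')}/results/"
            f"{urllib.parse.quote(action_id, safe='')}")
    params = {"page": page, "pageSize": page_size,
              "sort": sort, "sortOrder": sort_order}
    if kuery:
        params["kuery"] = kuery  # KQL filter, URL-encoded by urlencode below
    return kibana_url.rstrip("/") + path + "?" + urllib.parse.urlencode(params)


def http_get_json(url, authorization):
    """Default transport: one GET with the Authorization header, as in the curl call."""
    req = urllib.request.Request(url, headers={"Authorization": authorization})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def fetch_all_rows(kibana_url, query_id, action_id, authorization, page_size=100,
                   first_page=0, max_pages=1000, get_json=http_get_json, **filters):
    """Page through data.edges until data.total rows have been collected."""
    rows, page = [], first_page  # first_page=0 is an assumption, not from the page
    for _ in range(max_pages):   # hard stop so an inconsistent total cannot loop forever
        url = results_url(kibana_url, query_id, action_id, page, page_size, **filters)
        data = get_json(url, authorization).get("data", {})
        edges = data.get("edges") or []
        rows.extend(edges)
        # Stop on an empty page or once every row reported by total is in hand.
        if not edges or len(rows) >= data.get("total", 0):
            break
        page += 1
    return rows
```

Each returned row keeps its _id, so results that shift between pages while agents are still responding can be de-duplicated on that field.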