Osquery fields | Filebeat Reference [6.2]

WARNING: Version 6.2 of Filebeat has passed its EOL date.

This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.

› ›

« Nginx fields PostgreSQL fields »

Osquery fieldsedit

Fields exported by the osquery module

osquery fieldsedit

result fieldsedit

Common fields exported by the result metricset.

`osquery.result.name`edit

type: keyword

The name of the query that generated this event.

`osquery.result.action`edit

type: keyword

For incremental data, marks whether the entry was added or removed. It can be one of "added", "removed", or "snapshot".

`osquery.result.host_identifier`edit

type: keyword

The identifier for the host on which the osquery agent is running. Normally the hostname.

`osquery.result.unix_time`edit

type: long

Unix timestamp of the event, in seconds since the epoch. Used for computing the @timestamp column.

`osquery.result.calendar_time`edit

String representation of the collection time, as formatted by osquery.

« Nginx fields PostgreSQL fields »

Osquery fieldsedit

osquery fieldsedit

result fieldsedit

osquery.result.nameedit

osquery.result.actionedit

osquery.result.host_identifieredit

osquery.result.unix_timeedit

osquery.result.calendar_timeedit

`osquery.result.name`edit

`osquery.result.action`edit

`osquery.result.host_identifier`edit

`osquery.result.unix_time`edit

`osquery.result.calendar_time`edit