IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
Elastic Docs Filebeat Reference [7.3] Exported fields
« Nginx fields panw fields »

Osquery fieldsedit

Fields exported by the osquery module

osqueryedit

resultedit

Common fields exported by the result metricset.

osquery.result.name

The name of the query that generated this event.

type: keyword

osquery.result.action

For incremental data, marks whether the entry was added or removed. It can be one of "added", "removed", or "snapshot".

type: keyword

osquery.result.host_identifier

The identifier for the host on which the osquery agent is running. Normally the hostname.

type: keyword

osquery.result.unix_time

Unix timestamp of the event, in seconds since the epoch. Used for computing the @timestamp column.

type: long

osquery.result.calendar_time

String representation of the collection time, as formatted by osquery.

type: keyword

« Nginx fields panw fields »