Docs
IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
Filebeat Reference [7.3] » Exported fields » Osquery fields
«  Nginx fields     panw fields  »

Osquery fields

Fields exported by the osquery module

osquery

result

Common fields exported by the result metricset.

osquery.result.name

The name of the query that generated this event.

type: keyword

osquery.result.action

For incremental data, marks whether the entry was added or removed. It can be one of "added", "removed", or "snapshot".

type: keyword

osquery.result.host_identifier

The identifier for the host on which the osquery agent is running. Normally the hostname.

type: keyword

osquery.result.unix_time

Unix timestamp of the event, in seconds since the epoch. Used for computing the @timestamp column.

type: long

osquery.result.calendar_time

String representation of the collection time, as formatted by osquery.

type: keyword

«  Nginx fields     panw fields  »