Query parametersedit

page
(Optional, integer) The page number to return. The default is 1.
perPage
(Optional, integer) The number of rules to return per page. The default is 20.
sortField

(Optional, string) The field that is used to sort the results. Options include createdAt or updatedAt. The default is createdAt.

Even though the JSON case object uses created_at and updated_at fields, you must use createdAt and updatedAt fields in the URL query.

sortOrder
(Optional, string) Specified the sort order. Options include desc or asc. The defaults is desc.

Response codeedit

200
Indicates a successful call.

Exampleedit

Retrieve the last 10 live queries :

$ curl -X GET api/osquery/live_queries?page=1&perPage=10

The API returns a JSON object of the retrieved live queries:

{
  "page": 1,
  "per_page": 10,
  "total": 11,
  "data": [
    {
      "action_id": "3c42c847-eb30-4452-80e0-728584042334",
      "expiration": "2022-07-26T10:04:32.220Z",
      "@timestamp": "2022-07-26T09:59:32.220Z",
      "agents": ["16d7caf5-efd2-4212-9b62-73dafc91fa13"],
      "user_id": "elastic",
      "queries": [
        {
          "action_id": "609c4c66-ba3d-43fa-afdd-53e244577aa0",
          "id": "6724a474-cbba-41ef-a1aa-66aebf0879e2",
          "query": "select * from uptime;",
          "saved_query_id": "42ba9c50-0cc5-11ed-aa1d-2b27890bc90d",
          "ecs_mapping": {
            "host.uptime": {
              "field": "total_seconds"
            }
          },
          "agents": ["16d7caf5-efd2-4212-9b62-73dafc91fa13"],
        }
      ],
    },
    {...}
  ]
}