IMPORTANT: No additional bug fixes or documentation updates will be released for this version. For the latest information, see the current release documentation.
« Okta fields panw fields »
Elastic Docs Filebeat Reference [7.8] Exported fields

Osquery fields

edit

Osquery fields

edit

Fields exported by the osquery module

osquery

edit

result

edit

Common fields exported by the result metricset.

osquery.result.name

The name of the query that generated this event.

type: keyword

osquery.result.action

For incremental data, marks whether the entry was added or removed. It can be one of "added", "removed", or "snapshot".

type: keyword

osquery.result.host_identifier

The identifier for the host on which the osquery agent is running. Normally the hostname.

type: keyword

osquery.result.unix_time

Unix timestamp of the event, in seconds since the epoch. Used for computing the @timestamp column.

type: long

osquery.result.calendar_time

String representation of the collection time, as formatted by osquery.

type: keyword

« Okta fields panw fields »