WARNING: Version 6.2 of Filebeat has passed its EOL date.

This documentation is no longer being maintained and may be removed. If you are running this version, we strongly advise you to upgrade. For the latest information, see the current release documentation.

« Nginx fields PostgreSQL fields »
Elastic Docs Filebeat Reference [6.2] Exported fields

Osquery fields

edit

Osquery fields

edit

Fields exported by the osquery module

osquery fields

edit

result fields

edit

Common fields exported by the result metricset.

osquery.result.name

edit

type: keyword

The name of the query that generated this event.

osquery.result.action

edit

type: keyword

For incremental data, marks whether the entry was added or removed. It can be one of "added", "removed", or "snapshot".

osquery.result.host_identifier

edit

type: keyword

The identifier for the host on which the osquery agent is running. Normally the hostname.

osquery.result.unix_time

edit

type: long

Unix timestamp of the event, in seconds since the epoch. Used for computing the @timestamp column.

osquery.result.calendar_time

edit

String representation of the collection time, as formatted by osquery.

« Nginx fields PostgreSQL fields »