Get live queries

GET /api/osquery/live_queries
Api key auth Basic auth

Get a list of all live queries.

Query parameters

  • kuery string | null

    The kuery to filter the results by.

  • page integer | null

    The page number to return. The default is 1.

  • pageSize integer | null

    The number of results to return per page. The default is 20.

  • sort string | null

    The field that is used to sort the results.

    Default value is createdAt.

  • sortOrder string

    Specifies the sort order.

    Values are asc or desc.

Responses

  • 200 application/json; Elastic-Api-Version=2023-10-31

    OK

    Additional properties are allowed.
GET /api/osquery/live_queries 
curl \
 --request GET https://localhost:5601/api/osquery/live_queries \
 --header "Authorization: $API_KEY"
Response examples (200) 
{
  "data": {
    "items": [
      {
        "fields": {
          "agents": [
            "16d7caf5-efd2-4212-9b62-73dafc91fa13"
          ],
          "queries": [
            {
              "id": "6724a474-cbba-41ef-a1aa-66aebf0879e2",
              "query": "select * from uptime;",
              "agents": [
                "16d7caf5-efd2-4212-9b62-73dafc91fa13"
              ],
              "action_id": "609c4c66-ba3d-43fa-afdd-53e244577aa0",
              "ecs_mapping": {
                "host.uptime": {
                  "field": "total_seconds"
                }
              },
              "saved_query_id": "42ba9c50-0cc5-11ed-aa1d-2b27890bc90d"
            }
          ],
          "user_id": "elastic",
          "action_id": "3c42c847-eb30-4452-80e0-728584042334",
          "@timestamp": "2023-10-31T00:00:00Z",
          "expiration": "2023-10-31T00:00:00Z"
        }
      }
    ]
  }
}