Get live query results

GET /api/osquery/live_queries/{id}/results/{actionId}

Api key auth Basic auth

Get the results of a live query using the query action ID.

Path parameters

id string Required

The ID of the live query result you want to retrieve.
actionId string Required

The ID of the query action that generated the live query results.

Query parameters

kuery string | null

The kuery to filter the results by.
page integer | null

The page number to return. The default is 1.
pageSize integer | null

The number of results to return per page. The default is 20.
sort string | null

The field that is used to sort the results.

Default value is createdAt.
sortOrder string

Specifies the sort order.

Values are asc or desc.

Responses

200 application/json; Elastic-Api-Version=2023-10-31

OK

The response for getting live query results.

Additional properties are allowed.

GET /api/osquery/live_queries/{id}/results/{actionId}

curl \
 --request GET https://localhost:5601/api/osquery/live_queries/3c42c847-eb30-4452-80e0-728584042334/results/609c4c66-ba3d-43fa-afdd-53e244577aa0 \
 --header "Authorization: $API_KEY"

Response examples (200)

{
  "data": {
    "edges": [
      {},
      {}
    ],
    "total": 2
  }
}