Get live query details
Get the details of a live query using the query ID.
Path parameters
- id (string, required): The ID of the live query result you want to retrieve.
GET /api/osquery/live_queries/{id}
curl \
  --request GET https://localhost:5601/api/osquery/live_queries/3c42c847-eb30-4452-80e0-728584042334 \
  --header "Authorization: $API_KEY"
Response examples (200)
{
  "data": {
    "agents": [
      "16d7caf5-efd2-4212-9b62-73dafc91fa13"
    ],
    "status": "completed",
    "queries": [
      {
        "id": "6724a474-cbba-41ef-a1aa-66aebf0879e2",
        "docs": 0,
        "query": "select * from uptime;",
        "agents": [
          "16d7caf5-efd2-4212-9b62-73dafc91fa13"
        ],
        "failed": 1,
        "status": "completed",
        "pending": 0,
        "action_id": "609c4c66-ba3d-43fa-afdd-53e244577aa0",
        "responded": 1,
        "successful": 0,
        "ecs_mapping": {
          "host.uptime": {
            "field": "total_seconds"
          }
        },
        "saved_query_id": "42ba9c50-0cc5-11ed-aa1d-2b27890bc90d"
      }
    ],
    "user_id": "elastic",
    "action_id": "3c42c847-eb30-4452-80e0-728584042334",
    "@timestamp": "2022-07-26T09:59:32.220Z",
    "expiration": "2022-07-26T10:04:32.220Z"
  }
}
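
In the sample response the query reports "status": "completed" while "failed" is 1 and "successful" is 0, so the status field alone does not say whether any agent returned data. The Python below is an added example, not part of the API documentation: it reads a response of this shape and lists the queries that need follow-up. It assumes that failed, pending, responded and successful are per-agent counts and that docs is the number of result rows, as the sample suggests; review_live_query is a hypothetical helper name.

```python
import json
from datetime import datetime

# Constructed sample: trimmed copy of the 200 response shown above.
SAMPLE_RESPONSE = json.loads("""
{"data": {"status": "completed",
  "queries": [{"id": "6724a474-cbba-41ef-a1aa-66aebf0879e2",
    "query": "select * from uptime;",
    "agents": ["16d7caf5-efd2-4212-9b62-73dafc91fa13"],
    "docs": 0, "failed": 1, "pending": 0, "responded": 1, "successful": 0,
    "status": "completed"}],
  "@timestamp": "2022-07-26T09:59:32.220Z",
  "expiration": "2022-07-26T10:04:32.220Z"}}
""")


def _parse_ts(value):
    # Timestamps end in "Z"; fromisoformat wants an explicit UTC offset.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def review_live_query(response):
    """Return (findings, seconds between @timestamp and expiration)."""
    data = response["data"]
    findings = []
    for q in data.get("queries", []):
        targeted = len(q.get("agents", []))
        failed = q.get("failed", 0)
        responded = q.get("responded", 0)
        # Assumption: counters are numbers of agents, docs is the row count.
        if failed:
            findings.append(f"{q['id']}: {failed} of {targeted} agent(s) failed "
                            f"although status is {q.get('status')!r}")
        missing = max(q.get("pending", 0), targeted - responded)
        if missing > 0:
            findings.append(f"{q['id']}: {missing} agent(s) have not responded")
        if q.get("successful", 0) and q.get("docs", 0) == 0:
            findings.append(f"{q['id']}: agents succeeded but returned no rows")
    window = _parse_ts(data["expiration"]) - _parse_ts(data["@timestamp"])
    return findings, window.total_seconds()


if __name__ == "__main__":
    found, seconds = review_live_query(SAMPLE_RESPONSE)
    print(f"response window: {seconds:.0f}s")
    for line in found:
        print(line)
```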