Get saved query details

GET /api/osquery/saved_queries/{id}
Api key auth Basic auth

Get the details of a saved query using the query ID.

Path parameters

  • id string | null Required

    The ID of a saved query.

Responses

  • 200 application/json; Elastic-Api-Version=2023-10-31

    OK

    Additional properties are allowed.
GET /api/osquery/saved_queries/{id} 
curl \
 --request GET https://localhost:5601/api/osquery/saved_queries/3c42c847-eb30-4452-80e0-728584042334 \
 --header "Authorization: $API_KEY"
Response examples (200) 
{
  "data": {
    "id": "3c42c847-eb30-4452-80e0-728584042334",
    "type": "osquery-saved-query",
    "version": "WzQzMTcsMV0=",
    "attributes": {
      "id": "saved_query_id",
      "query": "select * from uptime;",
      "version": "2.8.0",
      "interval": "60",
      "platform": "linux,darwin",
      "prebuilt": false,
      "created_at": "2022-07-26T09:28:08.597Z",
      "created_by": "elastic",
      "updated_at": "2022-07-26T09:28:08.597Z",
      "updated_by": "elastic",
      "description": "Saved query description",
      "ecs_mapping": {
        "host.uptime": {
          "field": "total_seconds"
        }
      }
    },
    "namespaces": [
      "default"
    ],
    "references": [],
    "updated_at": "2022-07-26T09:28:08.600Z",
    "coreMigrationVersion": "8.4.0"
  }
}