Solutions
Device management
Remotely manage, and protect laptops and mobile devices.
Orchestration
Automate tasks across devices, from app installs to scripts.
Software management
Inventory, patch, and manage installed software.
Extend Fleet
Integrate your favorite tools with Fleet.
Customers
Stripe + Fleet
Stripe consolidates multiple tools with Fleet.
Foursquare + Fleet
Foursquare quickly migrates to Fleet for device management.
What people are saying
Stories from the Fleet community.
Pricing
More
Tables
Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
Apple
Linux
Windows
ChromeOS
unified_log
unified_log
Queries the OSLog framework for entries in the system log. The maximum number of rows returned is limited for performance issues. Use timestamp > or >= constraints to optimize query performance. This table introduces a new idiom for extracting sequential data in batches using multiple queries, ordered by timestamp. To trigger it, the user should include the condition "timestamp > -1", and the table will handle pagination. Note that the saved pagination counter is incremented globally across all queries and table invocations within a query. To avoid multiple table invocations within a query, use only AND and = constraints in WHERE clause.
| Column | Type | Description |
|---|---|---|
| activity | bigint | the activity ID associate with the entry |
| category | text | the category of the os_log_t used |
| level | text | the severity level of the entry |
| max_rows | integer | the max number of rows returned (defaults to 100) Not returned in SELECT * FROM unified_log. |
| message | text | composed message |
| pid | bigint | the pid of the process that made the entry |
| predicate | text | predicate to search (see log help predicates), note that this is merged into the predicate created from the column constraintsNot returned in SELECT * FROM unified_log. |
| process | text | the name of the process that made the entry |
| sender | text | the name of the binary image that made the entry |
| storage | integer | the storage category for the entry |
| subsystem | text | the subsystem of the os_log_t used |
| tid | bigint | the tid of the thread that made the entry |
| timestamp | bigint | unix timestamp associated with the entry |
| timestamp_double | text | floating point timestamp associated with the entry |
Example
select * from unified_log where timestamp > -1 and timestamp > (select unix_time - 86400 from time)Questions?
SOC2 Type 2
