Tables

Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.

Apple

windows_crashes

Extracted information from Windows crash logs (Minidumps).

Column	Type	Description
build_number	integer	Windows build number of the crashing machine
command_line	text	Command-line string passed to the crashed process
crash_path	text	Path of the log file
current_directory	text	Current working directory of the crashed process
datetime	text	Timestamp (log format) of the crash
exception_address	text	Address (in hex) where the exception occurred
exception_code	text	The Windows exception code
exception_message	text	The NTSTATUS error message associated with the exception code
machine_name	text	Name of the machine where the crash happened
major_version	integer	Windows major version of the machine
minor_version	integer	Windows minor version of the machine
module	text	Path of the crashed module within the process
path	text	Path of the executable file for the crashed process
pid	bigint	Process ID of the crashed process
process_uptime	bigint	Uptime of the process in seconds
registers	text	The values of the system registers
stack_trace	text	Multiple stack frames from the stack trace
tid	bigint	Thread ID of the crashed thread
type	text	Type of crash log
username	text	Username of the user who ran the crashed process
version	text	File version info of the crashed process

select * from windows_crashes where stack_trace like '%vlc%'

Edit page

Ask us anything

Multi platform Device management Orchestration Software management Integrations Pricing

Documentation Support Docs API Release notes Get your license

Company About News Jobs Logos/artwork Why open source?

SOC2 Type 2