Tables
Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
Apple
Linux
Windows
ChromeOS
windows_crashes
windows_crashes
Extracted information from Windows crash logs (Minidumps).
| Column | Type | Description |
|---|---|---|
| build_number | integer | Windows build number of the crashing machine |
| command_line | text | Command-line string passed to the crashed process |
| crash_path | text | Path of the log file |
| current_directory | text | Current working directory of the crashed process |
| datetime | text | Timestamp (log format) of the crash |
| exception_address | text | Address (in hex) where the exception occurred |
| exception_code | text | The Windows exception code |
| exception_message | text | The NTSTATUS error message associated with the exception code |
| machine_name | text | Name of the machine where the crash happened |
| major_version | integer | Windows major version of the machine |
| minor_version | integer | Windows minor version of the machine |
| module | text | Path of the crashed module within the process |
| path | text | Path of the executable file for the crashed process |
| pid | bigint | Process ID of the crashed process |
| process_uptime | bigint | Uptime of the process in seconds |
| registers | text | The values of the system registers |
| stack_trace | text | Multiple stack frames from the stack trace |
| tid | bigint | Thread ID of the crashed thread |
| type | text | Type of crash log |
| username | text | Username of the user who ran the crashed process |
| version | text | File version info of the crashed process |
Example
select * from windows_crashes where stack_trace like '%vlc%'
Edit page
Ask us anything
Questions?
SOC2 Type 2
© 2025 Fleet Inc.
Privacy
