Tables
Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.
Apple
Linux
Windows
ChromeOS
windows_search
windows_search
Run searches against the Windows system index database using Advanced Query Syntax. See https://learn.microsoft.com/en-us/windows/win32/search/-search-3x-advancedquerysyntax for details.
| Column | Type | Description |
|---|---|---|
| additional_properties | text | Comma separated list of columns to include in properties JSON Not returned in SELECT * FROM windows_search. |
| date_created | integer | The unix timestamp of when the item was created. |
| date_modified | integer | The unix timestamp of when the item was last modified |
| max_results | integer | Maximum number of results returned by windows api, set to -1 for unlimited Not returned in SELECT * FROM windows_search. |
| name | text | The name of the item |
| owner | text | The owner of the item |
| path | text | The full path of the item. |
| properties | text | Additional property values JSON |
| query | text | Windows search query Not returned in SELECT * FROM windows_search. |
| size | bigint | The item size in bytes. |
| sort | text | Sort for windows api Not returned in SELECT * FROM windows_search. |
| type | text | The item type |
Example
select *, datetime(date_created, 'unixepoch') as datetime from windows_search WHERE query = 'folder:documents' AND datetime BETWEEN '2022-11-18 16:40:00' AND '2023-11-18 16:50:00'
Edit page
Ask us anything
Questions?
SOC2 Type 2
© 2025 Fleet Inc.
Privacy
