.. include:: /includes.txt

=====================
Osquery adhoc results
=====================

Table view
==========

.. image:: /_static/osquery_live.png

* **Code** Once clicked, shows a preview of the running query.
* **Name** The name of the query.
* **Results** The total number of results that have been returned.
* **Active?** Shows whether the query is running or not. The query can be disabled and resumed at any time by clicking this button.
* **Created** The date the query was created.
* **Updated** The date the query was last updated. This may be due to a change in the active state or the query's name.
* **Last event** The date and time of the last event we saw for this query. This field is updated in real time.
* **Actions** These are changes that can be applied to the query.

  * **CLONE** Clones the query including its current state. Note that the results of the cloned query are not copied over.
  * **DELETE** Removes the query.

*Please note that queries are not deleted immediately. However, the results are. Queries will remain within the system for 30 days and are then deleted.*

Query results
=============

Once you've clicked on a running query, you'll get the following view, which displays the results returned by the query.

.. image:: /_static/osquery_results.png