Attention
Zercurity has been acquired by JumpCloud.
This documentation will no longer be maintained or updated. You can read more about the acquisition, or signup to JumpCloud today.
processes¶
All running processes on the host system.
Platform support¶
Please be aware that some queries can only be run against certain platforms. Below is a list of the supported platforms that this query supports. Zercurity will automatically pause queries from running if errors are detected. Running a query against an unsupported platform will result in the following error: no such table: processes
- Windows
- Linux
- Mac OSX
- Free BSD
Table schema¶
Name | Type | Description |
---|---|---|
pid | BIGINT | Process (or thread) ID |
name | TEXT | The process path or shorthand argv[0] |
path | TEXT | Path to executed binary |
cmdline | TEXT | Complete argv |
state | TEXT | Process state |
cwd | TEXT | Process current working directory |
root | TEXT | Process virtual root directory |
uid | BIGINT | Unsigned user ID |
gid | BIGINT | Unsigned group ID |
euid | BIGINT | Unsigned effective user ID |
egid | BIGINT | Unsigned effective group ID |
suid | BIGINT | Unsigned saved user ID |
sgid | BIGINT | Unsigned saved group ID |
on_disk | INTEGER | The process path exists yes=1, no=0, unknown=-1 |
wired_size | BIGINT | Bytes of unpagable memory used by process |
resident_size | BIGINT | Bytes of private memory used by process |
total_size | BIGINT | Total virtual memory size |
user_time | BIGINT | CPU time in milliseconds spent in user space |
system_time | BIGINT | CPU time in milliseconds spent in kernel space |
disk_bytes_read | BIGINT | Bytes read from disk |
disk_bytes_written | BIGINT | Bytes written to disk |
start_time | BIGINT | Process start time in seconds since Epoch, in case of error -1 |
parent | BIGINT | Process parent’s PID |
pgroup | BIGINT | Process group |
threads | INTEGER | Number of threads used by process |
nice | INTEGER | Process nice level (-20 to 20, default 0) |
upid | BIGINT | A 64bit pid that is never reused. Returns -1 if we couldn’t gather them from the system. |
uppid | BIGINT | The 64bit parent pid that is never reused. Returns -1 if we couldn’t gather them from the system. |
cpu_type | INTEGER | A 64bit pid that is never reused. Returns -1 if we couldn’t gather them from the system. |
cpu_subtype | INTEGER | The 64bit parent pid that is never reused. Returns -1 if we couldn’t gather them from the system. |
Query examples¶
select * from processes where pid = 1