stack kb security-osquery-api osquery-get-live-query-results cli command

elastic stack kb security-osquery-api osquery-get-live-query-results \
  --id <id> \
  --action-id <action-id> \
  [options]
		

Get live query results

--id string required

The id parameter

--action-id string required

The actionId parameter

--kuery string

--page number

--page-size number

--sort string

--sort-order string

--input-file string

path to a JSON file to use as command input

-V --[no-]version

Print the Elastic CLI version

--config-file string

path to a config file (default: ~/.elasticrc.yml)

--use-context string

override the active context from the config file

--command-profile string

restrict available commands to a deployment profile (serverless, stack, default)

--[no-]json

output as JSON

--output-fields string

comma-separated list of fields to include in output (dot-notation supported)

--output-template string

Mustache-like template for custom text output (e.g. "{{id}}: {{name}}")

--[no-]dry-run

validate all inputs and exit without performing any action (preview changes without applying them)