ur_ingest_session_osquery_ms_log
| Column |
Type |
PK |
Required |
Default |
| ur_ingest_session_osquery_ms_log_id |
VARCHAR |
Yes |
Yes |
|
| node_key |
TEXT |
No |
Yes |
|
| log_type |
TEXT |
No |
Yes |
|
| log_data |
TEXT |
No |
Yes |
|
| applied_jq_filters |
TEXT |
No |
No |
|
| created_at |
TIMESTAMPTZ |
No |
No |
CURRENT_TIMESTAMP |
| created_by |
TEXT |
No |
No |
'UNKNOWN' |
| updated_at |
TIMESTAMPTZ |
No |
No |
|
| updated_by |
TEXT |
No |
No |
|
| deleted_at |
TIMESTAMPTZ |
No |
No |
|
| deleted_by |
TEXT |
No |
No |
|
| activity_log |
TEXT |
No |
No |
|
Foreign Keys
| Column Name |
Foreign Key |
| node_key |
node_key references surveilr_osquery_ms_node.node_key |
Indexes
| Column Name |
Index Name |
| node_key |
sqlite_autoindex_ur_ingest_session_osquery_ms_log_2 |
| log_type |
sqlite_autoindex_ur_ingest_session_osquery_ms_log_2 |
| log_data |
sqlite_autoindex_ur_ingest_session_osquery_ms_log_2 |
| ur_ingest_session_osquery_ms_log_id |
sqlite_autoindex_ur_ingest_session_osquery_ms_log_1 |
SQL DDL
CREATE TABLE "ur_ingest_session_osquery_ms_log" (
"ur_ingest_session_osquery_ms_log_id" VARCHAR PRIMARY KEY NOT NULL,
"node_key" TEXT NOT NULL,
"log_type" TEXT NOT NULL,
"log_data" TEXT CHECK(json_valid(log_data)) NOT NULL,
"applied_jq_filters" TEXT CHECK(json_valid(applied_jq_filters) OR applied_jq_filters IS NULL),
"created_at" TIMESTAMPTZ DEFAULT CURRENT_TIMESTAMP,
"created_by" TEXT DEFAULT 'UNKNOWN',
"updated_at" TIMESTAMPTZ,
"updated_by" TEXT,
"deleted_at" TIMESTAMPTZ,
"deleted_by" TEXT,
"activity_log" TEXT,
FOREIGN KEY("node_key") REFERENCES "surveilr_osquery_ms_node"("node_key"),
UNIQUE("node_key", "log_type", "log_data")
)