CREATE VIEW surveilr_osquery_ms_node_os_version AS
SELECT
json_extract(l.content, '$.surveilrOsQueryMsNodeKey') AS node_key,
l.updated_at,
json_extract(l.content, '$.hostIdentifier') AS host_identifier,
json_extract(l.content, '$.columns.arch') AS arch,
json_extract(l.content, '$.columns.build') AS build,
json_extract(l.content, '$.columns.extra') AS extra,
json_extract(l.content, '$.columns.kernel_version') AS kernel_version,
json_extract(l.content, '$.columns.major') AS major,
json_extract(l.content, '$.columns.minor') AS minor,
json_extract(l.content, '$.columns.name') AS name,
json_extract(l.content, '$.columns.patch') AS patch,
json_extract(l.content, '$.columns.platform') AS platform,
json_extract(l.content, '$.columns.version') AS version
FROM uniform_resource AS l
WHERE l.uri = 'osquery-ms:query-result'
AND (json_extract(l.content, '$.name') = 'OS Version (Linux and Macos)'
OR json_extract(l.content, '$.name') = 'OS Version (Windows)')