process_tracker

Function

ArgDescriptionType
sync_querySource for full tracker updates. Query must emit rows with the ProcessTrackerUpdate shape - usually uses pslist() to form a full sync.StoredQuery
sync_periodHow often to do a full sync (default 5000 msec).int64
update_queryAn Event query that produces live updates of the tracker state.StoredQuery
max_sizeMaximum size of process tracker LRU.int64
enrichmentsOne or more VQL lambda functions that can enrich the data for the process.list of string

Description

Install a global process tracker.

comments powered by Disqus