Commands

spyctl

spyctl displays and controls resources within your Spyderbat environment

spyctl [OPTIONS] COMMAND [ARGS]...

Use “spyctl <command> –help” for more information about a given command.

Use “spyctl –version” for version information

apply

Apply a configuration to a resource by file name.

spyctl apply [OPTIONS]

Options

-f, --filename <filename>

Required

Use “spyctl <command> –help” for more information about a given command.

config

Modify spyctl config files.

spyctl config [OPTIONS] COMMAND [ARGS]...

Use “spyctl <command> –help” for more information about a given command.

current-context

Display the current-context.

spyctl config current-context [OPTIONS]

Options

-g, --global

When operating within a spyctl workspace, this displays the current context in the global configuration.

Use “spyctl <command> –help” for more information about a given command.

delete-apisecret

Delete the specified apisecret from a spyctl configuration file.

NAME is the name of the apisecret to delete.

spyctl config delete-apisecret [OPTIONS] NAME

Options

-y, --yes, --assume-yes

Automatic yes to prompts; assume “yes” as answer to all prompts and run non-interactively.

Arguments

NAME

Required argument

Use “spyctl <command> –help” for more information about a given command.

delete-context

Delete the specified context from a spyctl configuration file.

NAME is the name of the context to delete.

spyctl config delete-context [OPTIONS] NAME

Options

-g, --global

When operating within a spyctl workspace, this deletes a context from the global spyctl configuration file.

-y, --yes, --assume-yes

Automatic yes to prompts; assume “yes” as answer to all prompts and run non-interactively.

Arguments

NAME

Required argument

Use “spyctl <command> –help” for more information about a given command.

get-apisecrets

Describe one or many apisecrets.

spyctl config get-apisecrets [OPTIONS] [NAME]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

Arguments

NAME

Optional argument

Use “spyctl <command> –help” for more information about a given command.

get-contexts

Describe one or many contexts.

NAME is the name of a specific context to view.

The default behavior is to show all of the contexts accessible to the current working directory. If not using a workspace, this is only the contexts in the global config. See –help for “spyctl config init” for more details.

spyctl config get-contexts [OPTIONS] [NAME]

Options

-o, --output <output>

Options:

default | wide

-g, --global

When operating within a spyctl workspace, this displays only contexts within the global spyctl configuration file.

-w, --workspace

When operating within a spyctl workspace, this displays only contexts within the workspace configuration file.

Arguments

NAME

Optional argument

Use “spyctl <command> –help” for more information about a given command.

init-workspace

Initialize a workspace.

This command creates a ‘.spyctl/config’ file in the current working directory. Workspaces are a spyctl configuration file local to a specific directory. They allow you to create contexts only accessible from the directory subtree from where the config file resides. They also allow you to set a current context for a directory subtree.

This is helpful if you’re working on a specific service or container and want spyctl to return data relevant only to that application.

For example: If your cwd is $HOME/myproject/ and you issue the command spyctl config current-context you will be shown the current context in the global configuration. But if create initialize a workspace and create a context, you will notice that your current context is the one set within the workspace configuration file.

For example:

# Create a workspace in the current working directory.

spyctl config init-workspace

# Create a context specific to a Linux Service.

spyctl config set-context –cgroup systemd:/system.slice/my_app.service –org my_organization –secret my_secret my_app_context

# Show the current context and see my_app_context in the output.

spyctl config current-context

Executing spyctl outside of a workspace directory or any of its subdirectories will revert the tool to using the current context in the global configuration file.

spyctl config init-workspace [OPTIONS]

Options

-y, --yes, --assume-yes

Automatic yes to prompts; assume “yes” as answer to all prompts and run non-interactively.

Use “spyctl <command> –help” for more information about a given command.

set-apisecret

Set a new entry in the spyctl secrets file, or update an existing one.

spyctl config set-apisecret [OPTIONS] [NAME]

Options

-k, --apikey, --api-key <api_key>

API key generated via the Spyderbat UI

-u, --apiurl, --api-url <api_url>

URL target for api queries. Default: https://api.spyderbat.com

Arguments

NAME

Optional argument

Use “spyctl <command> –help” for more information about a given command.

set-context

Set a context entry in a spyctl configuration file, or update an existing one.

spyctl config set-context [OPTIONS] NAME

Options

-g, --global

When operating within a spyctl workspace, this sets a context in the global spyctl configuration file.

-u, --use-context

Use this context when set. Sets the current-context field in the config file. The first context added to a config is automatically set as current-context.

-s, --secret <secret>

Required Name of api config secret.

-o, --organization, --org <organization>

Required ID or name of Spyderbat organization.

-c, --cluster <cluster>

Name or Spyderbat ID of Kubernetes cluster.

-n, --namespace <namespace>

Name or Spyderbat ID of Kubernetes namespace.

-p, --pod <pod>

Name or Spyderbat ID of Kubernetes pod.

-m, --machines <machines>

Name of machine group, or name or Spyderbat ID of a machine (node).

-i, --image <image>

Name of container image, wildcards allowed.

-d, --image-id <image_id>

Container image ID.

-N, --container-name <container_name>

Name of specific container.

-C, --cgroup <cgroup>

Linux service cgroup.

Arguments

NAME

Required argument

Use “spyctl <command> –help” for more information about a given command.

use-context

Set the current-context in a spyctl configuration file.

spyctl config use-context [OPTIONS] NAME

Options

-g, --global

When operating within a spyctl workspace, this changes the current context in the global configuration file.

Arguments

NAME

Required argument

Use “spyctl <command> –help” for more information about a given command.

view

View the current spyctl configuration file. If operating within a workspace the default behavior displays a merged configuration including contexts from the global config and any other workspace configuration files from cwd to root.

spyctl config view [OPTIONS]

Options

-g, --global

When operating within a spyctl workspace, this displays the global spyctl configuration file.

-w, --workspace

When operating within a spyctl workspace, this displays only the workspace configuration file.

-o, --output <output>

Options:

yaml | json | ndjson | default

Use “spyctl <command> –help” for more information about a given command.

create

Create a resource from a file.

spyctl create [OPTIONS] COMMAND [ARGS]...

Use “spyctl <command> –help” for more information about a given command.

agent-health-notification-settings

Create a new agent health notification settings.

spyctl create agent-health-notification-settings [OPTIONS]

Options

-a, --apply

Apply the agent health notification settings during creation.

-n, --name <name>

Required Name for the agent health notification settings.

-d, --description <description>

Description for the agent health notification settings.

-q, --scope-query <scope_query>

SpyQL query on model_agents table to determine which agents this setting applies to.

-T, --targets <targets>

Comma separated list of targets to send notifications to.

--is-disabled

Disable the agent health notification settings on creation.

-o, --output <output>

Output format for the agent health notification settings.

Options:

yaml | json | ndjson | default

-y, --yes

Automatically answer yes to all prompts.

Use “spyctl <command> –help” for more information about a given command.

cluster-policy

Create a Cluster Policy yaml document and accompanying rulesets, outputted to stdout # noqa

spyctl create cluster-policy [OPTIONS]

Options

-n, --name <name>

Required Name for the Cluster Policy.

-o, --output <output>

Options:

yaml | json | ndjson | default

-m, --mode <mode>

This determines what the policy should do when applied and enabled. Default is audit mode. Audit mode will generate log messages when a violation occurs and when it would have taken an action, but it will not actually take an action or generate a violation flag. Enforce mode will take actions, generate flags, and also generate audit events.

Options:

enforce | audit

-t, --start-time <st>

Time to start generating statements from. Default is 1.5 hours ago.

-e, --end-time <et>

Time to stop generating statements from. Default is now.

-g, --no-ruleset-gen

Does not generate rulesets for the cluster policies if set.

-C, --cluster <cluster>

Name or Spyderbat ID of Kubernetes cluster.

-N, --namespace <namespace>

Generate ruleset for all or some namespaces. If not provided, the ruleset will be generated for the cluster(s) without namespace context. Supplying this option with no arguments will generate the ruleset with namespace context. If one or more namespaces are supplied, the ruleset will generate for only the namespace(s) provided.

Use “spyctl <command> –help” for more information about a given command.

cluster-ruleset

Create a Policy Rule to be used in cluster policies.

spyctl create cluster-ruleset [OPTIONS]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default

-n, --name <name>

Optional name for the Cluster Ruleset, if not provided, a name will be generated automatically

-g, --generate-rules

Generate all or some types of rules for the policy ruleset.

-t, --start-time <st>

Time to start generating statements from. Default is 1.5 hours ago.

-e, --end-time <et>

Time to stop generating statements from. Default is now.

-C, --cluster <cluster>

Name or Spyderbat ID of Kubernetes cluster.

-N, --namespace <pod_namespace_equals>

Generate ruleset for all or some namespaces. If not provided, the ruleset will be generated for the cluster without namespace context. Supplying this option with no arguments will generate the ruleset with namespace context. If one or more namespaces are supplied, the ruleset will generate for only the namespace(s) provided.

Use “spyctl <command> –help” for more information about a given command.

container-policy

Create container policies.

This command retrieves container processes and connections to build a policy that can enforce container workload behavior. The options of this command help build the query that retrieves the processes and connections. A policy will be created for each unique container image within the scope of the query.

Query results are limited to 10,000 objects so be sure to use the options to narrow the query as much as possible. Viable policies may be created with limited results, but will likely take longer to settle during the audit period.

spyctl create container-policy [OPTIONS]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default

-m, --mode <mode>

This determines what the policy should do when applied and enabled. Default is audit mode. Audit mode will generate log messages when a violation occurs and when it would have taken an action, but it will not actually take an action or generate a violation flag. Enforce mode will take actions, generate flags, and also generate audit events.

Options:

enforce | audit

-t, --start-time <st>

Time to start generating statements from. Default is 1.5 hours ago.

-e, --end-time <et>

Time to stop generating statements from. Default is now.

-P, --pod-name <pod_name>

Name of kubernetes pod.

-D, --deployment-name <deployment>

Name of kubernetes deployment.

-C, --cluster-name <clustername>

Name of kubernetes cluster.

-N, --namespace <pod_namespace>

Name of kubernetes namespace.

-I, --image <image>

Name of container image.

--hostname <hostname>

Hostname of container’s machine.

--machine-uid <muid>

Unique id of container’s machine.

--image-id <image_id>

Id of container image.

--container-id <container_id>

Id of container.

--container-name <container_name>

Name of container.

--pod-labels <pod_labels>

Labels of kubernetes pod.

--namespace-labels <pod_namespace_labels>

Labels of kubernetes namespace.

Use “spyctl <command> –help” for more information about a given command.

custom-flag

Create a custom flag from a saved query.

This command allows you to write custom detections using the Spyderbat Query Language (SpyQL).

At a minimum you must provide the following:

- schema

- query

- description

- severity

- name

To view available schema options run:

‘spyctl search –describe’

To view available query fields for your schema run:

‘spyctl search –describe <schema>’

Query operators are described here:

https://docs.spyderbat.com/reference/search/search-operators

Example:

spyctl create custom-flag –schema Process –query “interactive = true and container_uid ~= ‘*’” –description “Detects interactive processes in containers” –severity high interactive-container-process

spyctl create custom-flag [OPTIONS] NAME

Options

-o, --output <output>

Options:

yaml | json | ndjson | default

-a, --apply

Apply the custom flag during creation.

-d, --description <description>

Required A description explaining what the flag detects.

-q, --query <query>

Objects matching this query + schema combination will be flagged. If used, this will create a saved query.

-s, --schema <schema>

The schema for the SpyQL query used by the custom flag. If used, this will create a saved query.

-Q, --saved-query <saved_query>

The UID of a previously saved query. If used, this will override the query and schema options.

-t, --type <type>

The type of the custom flag. One of [‘redflag’, ‘opsflag’].

Options:

redflag | opsflag

-S, --severity <severity>

Required The severity of the custom flag. One of [‘critical’, ‘high’, ‘medium’, ‘low’, ‘info’].

Options:

critical | high | medium | low | info

-D, --disable

Disable the custom flag on creation.

-T, --tags <tags>

The tags associated with the custom flag. Comma delimited.

-i, --impact <impact>

The impact of the custom flag on the organization.

-c, --content <content>

Markdown content describing extra details about the custom flag.

-N, --saved_query_name <saved_query_name>

If a new saved query needs to be created, this overrides the auto-generated name.

-y, --yes

Automatically answer yes to all prompts.

Arguments

NAME

Required argument

Use “spyctl <command> –help” for more information about a given command.

linux-svc-policy

Create Linux service policies.

This command retrieves service processes and connections to build a policy that can enforce Linux service workload behavior. The options of this command help build the query that retrieves the processes and connections. A policy will be created for each unique Linux service within the scope of the query.

Query results are limited to 10,000 objects so be sure to use the options to narrow the query as much as possible. Viable policies may be created with limited results, but will likely take longer to settle during the audit period.

spyctl create linux-svc-policy [OPTIONS]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default

-m, --mode <mode>

This determines what the policy should do when applied and enabled. Default is audit mode. Audit mode will generate log messages when a violation occurs and when it would have taken an action, but it will not actually take an action or generate a violation flag. Enforce mode will take actions, generate flags, and also generate audit events.

Options:

enforce | audit

-t, --start-time <st>

Time to start generating statements from. Default is 1.5 hours ago.

-e, --end-time <et>

Time to stop generating statements from. Default is now.

--hostname <hostname>

Hostname of service’s machine.

--machine-uid <muid>

Unique id of the service’s machine.

--cgroup <cgroup>

The cgroup of the linux service.

--service-name <service_name>

Name of linux service.

Use “spyctl <command> –help” for more information about a given command.

notification-config

Create a Notification Config resource outputted to stdout.

spyctl create notification-config [OPTIONS]

Options

-n, --name <name>

Required A name for the config.

-T, --target <target>

Required The name or ID of a notification target. Tells the config where to send notifications.

-P, --template <template>

The name or ID of a notification configuration template. If omitted, the config will be completely custom.

-o, --output <output>

Options:

yaml | json | ndjson | default

Use “spyctl <command> –help” for more information about a given command.

notification-target

Create a notification target.

spyctl create notification-target [OPTIONS] COMMAND [ARGS]...

Use “spyctl <command> –help” for more information about a given command.

email

Create an email notification target.

spyctl create notification-target email [OPTIONS]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default

-n, --name <name>

Required Name of the notification target.

-d, --description <description>

Description of the notification target.

-e, --emails <emails>

Required Email of the notification target.

-T, --tags <tags>

The tags associated with the notification target. Comma delimited.

-a, --apply

Apply the notification target during creation.

-y, --yes

Automatically answer yes to all prompts.

pagerduty

Create a PagerDuty notification target.

spyctl create notification-target pagerduty [OPTIONS]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default

-n, --name <name>

Required Name of the notification target.

-d, --description <description>

Description of the notification target.

-r, --routing-key <routing_key>

Required PagerDuty routing key of the notification target.

-T, --tags <tags>

The tags associated with the custom flag. Comma delimited.

-a, --apply

Apply the notification target during creation.

-y, --yes

Automatically answer yes to all prompts.

slack

Create a Slack notification target.

spyctl create notification-target slack [OPTIONS]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default

-n, --name <name>

Required Name of the notification target.

-d, --description <description>

Description of the notification target.

-T, --tags <tags>

The tags associated with the notification target. Comma delimited.

-u, --url <url>

Required URL of the Slack notification target.

-a, --apply

Apply the notification target during creation.

-y, --yes

Automatically answer yes to all prompts.

webhook

Create a webhook notification target.

spyctl create notification-target webhook [OPTIONS]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default

-n, --name <name>

Required Name of the notification target.

-d, --description <description>

Description of the notification target.

-T, --tags <tags>

The tags associated with the notification target. Comma delimited.

-u, --url <url>

Required URL of the webhook notification target.

-a, --apply

Apply the notification target during creation.

-y, --yes

Automatically answer yes to all prompts.

notification-template

Create a notification template.

spyctl create notification-template [OPTIONS] COMMAND [ARGS]...

Use “spyctl <command> –help” for more information about a given command.

email

Create an email notification template.

spyctl create notification-template email [OPTIONS]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default

-n, --name <name>

Required Name of the notification template.

-d, --description <description>

Description of the email notification template.

-s, --subject <subject>

Subject of the email notification template.

-b, --body-html <body_html>

HTML body of the email notification template.

-B, --body-text <body_text>

Text body of the email notification template.

-a, --apply

Apply the notification template during creation.

-T, --tags <tags>

The tags associated with the notification template. Comma delimited.

--include-linkback

Include a linkback to the source of the sent notification.

--include_attribution

Include auto-generated details about the source of the sent notification.

--exclude-mute

Exclude the mute button from the sent notification.

-y, --yes

Automatically answer yes to all prompts.

pagerduty

Create a PagerDuty notification template.

spyctl create notification-template pagerduty [OPTIONS]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default

-n, --name <name>

Required Name of the notification template.

-d, --description <description>

Description of the PagerDuty notification template.

-c, --class <class>

The class/type of the event.

-C, --component <component>

Component of the source machine that is responsible for the event.

-r, --source <source>

Specific human-readable unique identifier, such as a hostname, for the system having the problem

-s, --summary <summary>

A brief text summary of the event, used to generate the summaries/titles of any associated alerts.

-S, --severity <severity>

The perceived severity of the notification. Can be one of info, warning, error, or critical.

-D, --dedup-key <dedup_key>

A string that uniquely identifies this event across the PagerDuty service. If two events have the same dedup key, only one will be allowed through. Default is the summary of the event.

--custom-details <custom_details>

Additional details to be sent to PagerDuty as a JSON object. Usually easier to edit as yaml.

-g, --group <group>

A cluster or grouping of sources. For example, sources “prod-datapipe-02” and “prod-datapipe-03” might both be part of “prod-datapipe”.

-T, --tags <tags>

The tags associated with the notification template. Comma delimited.

--include-linkback

Include a linkback to the source of the sent notification.

--include_attribution

Include auto-generated details about the source of the sent notification.

--exclude-mute

Exclude the mute button from the sent notification.

-a, --apply

Apply the notification template during creation.

-y, --yes

Automatically answer yes to all prompts.

slack

Create a Slack notification template.

spyctl create notification-template slack [OPTIONS]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default

-n, --name <name>

Required Name of the notification template.

-d, --description <description>

Description of the Slack notification template.

-t, --text <text>

Text of the Slack notification template. Used as a fallback if blocks are not provided.

-b, --blocks <blocks>

JSON list of blocks to be sent to Slack. Usually easier to edit as yaml. Default is “[]”

-a, --apply

Apply the notification template during creation.

-T, --tags <tags>

The tags associated with the notification template. Comma delimited.

--include-linkback

Include a linkback to the source of the sent notification.

--include_attribution

Include auto-generated details about the source of the sent notification.

--exclude-mute

Exclude the mute button from the sent notification.

-y, --yes

Automatically answer yes to all prompts.

webhook

Create a webhook notification template.

spyctl create notification-template webhook [OPTIONS]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default

-n, --name <name>

Required Name of the notification template.

-d, --description <description>

Description of the webhook notification template.

-p, --payload <payload>

The payload of the webhook notification template.

--entire_object

Send the entire object as the payload.

-a, --apply

Apply the notification template during creation.

-y, --yes

Automatically answer yes to all prompts.

policy

Create a Guardian Policy object from a file, outputted to stdout

spyctl create policy [OPTIONS]

Options

-f, --from-file <filename>

Required File that contains to merge into a SpyderbatPolicy.

-o, --output <output>

Options:

yaml | json | ndjson | default

-n, --name <name>

Optional name for the SpyderbatPolicy, if not provided, a name will be generated automatically

-d, --disable-processes <disable_procs>

Disable processes detections for this policy. Disabling all processes detections effectively turns this into a network policy.

Options:

all

-D, --disable-connections <disable_conns>

Disable detections for all, public, or private connections.

Options:

all | egress | ingress | private | private-egress | private-ingress | public | public-egress | public-ingress

--include-imageid

Include the image id in the container selector when creating the policy.

-m, --mode <mode>

This determines what the policy should do when applied and enabled. Default is audit mode. Audit mode will generate log messages when a violation occurs and when it would have taken an action, but it will not actually take an action or generate a violation flag. Enforce mode will take actions, generate flags, and also generate audit events.

Options:

enforce | audit

--colorize, --no-colorize

Specify coloration on or off. Default is on.

Use “spyctl <command> –help” for more information about a given command.

saved-query

Create a saved query.

spyctl create saved-query [OPTIONS]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default

-a, --apply

Apply the saved query during creation.

-n, --name <name>

The name of the saved query.

-q, --query <query>

The query to be saved.

-d, --description <description>

A description of the saved query.

-s, --schema <schema>

The schema of the saved query.

-S, --auto-summarize

Enables automatic AI summarization of records that match the saved query if supported by the schema, and if the organization has opted in to AI summarization features.

-y, --yes

Automatically answer yes to all prompts.

Use “spyctl <command> –help” for more information about a given command.

trace-suppression-policy

Create a Suppression Policy object from a file, outputted to stdout

spyctl create trace-suppression-policy [OPTIONS]

Options

-i, --id <trace_id>

UID of the object to build a Suppression Policy from.

-o, --output <output>

Options:

yaml | json | ndjson | default

-u, --include-user-scope

Include user scope in the suppression policy. Default is False.

-n, --name <name>

Optional name for the Suppression Policy, if not provided, a name will be generated automatically

-m, --mode <mode>

This determines what the policy should do when applied and enabled. Default is audit mode. Audit mode will generate log messages when a an object matches the policy and would be suppressed, but it will not suppress the object. Enforce mode actually suppress the object if it matches the policy.

Options:

enforce | audit

--colorize, --no-colorize

Specify coloration on or off. Default is on.

Use “spyctl <command> –help” for more information about a given command.

delete

Get Spyderbat Resources.

spyctl delete [OPTIONS] COMMAND [ARGS]...

Use “spyctl <command> –help” for more information about a given command.

agent-health-notification-settings

Delete agent health notification settings by name or ID.

spyctl delete agent-health-notification-settings [OPTIONS] [NAME_OR_ID]

Options

-y, --yes, --assume-yes

Automatic yes to prompts; assume “yes” as answer to all prompts and run non-interactively.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

custom-flag

Delete a custom flag by name or uid

spyctl delete custom-flag [OPTIONS] [NAME_OR_ID]

Options

-y, --yes, --assume-yes

Automatic yes to prompts; assume “yes” as answer to all prompts and run non-interactively.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

notification-target

Delete a notification target by name or uid

spyctl delete notification-target [OPTIONS] [NAME_OR_ID]

Options

-y, --yes, --assume-yes

Automatic yes to prompts; assume “yes” as answer to all prompts and run non-interactively.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

notification-template

Delete a notification template by name or uid

spyctl delete notification-template [OPTIONS] [NAME_OR_ID]

Options

-y, --yes, --assume-yes

Automatic yes to prompts; assume “yes” as answer to all prompts and run non-interactively.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

policy

Delete a policy by name or uid

spyctl delete policy [OPTIONS] [NAME_OR_ID]

Options

-y, --yes, --assume-yes

Automatic yes to prompts; assume “yes” as answer to all prompts and run non-interactively.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

ruleset

Delete a ruleset by name or uid

spyctl delete ruleset [OPTIONS] [NAME_OR_ID]

Options

-y, --yes, --assume-yes

Automatic yes to prompts; assume “yes” as answer to all prompts and run non-interactively.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

saved-query

Delete a saved query by name or uid

spyctl delete saved-query [OPTIONS] [NAME_OR_ID]

Options

-y, --yes, --assume-yes

Automatic yes to prompts; assume “yes” as answer to all prompts and run non-interactively.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

describe

Describe a Spyderbat resource

spyctl describe [OPTIONS] RESOURCE [NAME_OR_ID]

Options

-f, --filename <filename>

File to diff with target.

Arguments

RESOURCE

Required argument

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

diff

Diff target Baselines and Policies with other Resources.

Diff’ing in Spyctl requires a target Resource (e.g. a Baseline or Policy

document you are maintaining) and a Resource to diff with the target. A target can be either a local file supplied using the -f option or a policy you’ve applied to the Spyderbat Backend supplied with the -p option. By default, target’s are diff’d with deviations if they are applied policies, otherwise they are diff’d with relevant* Fingerprints from the last 24 hours to now. Targets may also be diff’d with local files with the -w option or with data from an existing applied policy using the -P option.

The output of a diff shows you any lines that would be added to or removed

from your target Resource as a result of a Merge. diffs may also be performed in bulk. Bulk diffs are outputted to a pager like ‘less’ or ‘more’.

To maintain a target Resource effectively, the goal should be to get to

get to a point where the diff no longer displays added or removed lines (other than timestamps).

Examples:

# diff a local policy file with data from the last

# 24hrs to now:

spyctl diff -f policy.yaml

# diff a local policy file with data from its

# latestTimestamp field to now:

spyctl diff -f policy.yaml –latest

# diff an existing applied policy with data from the

# last 24hrs to now:

spyctl diff -p <NAME_OR_UID>

# Bulk diff all existing policies with data from the

# last 24hrs to now:

spyctl diff -p

# Bulk diff multiple policies with data from the

# last 24hrs to now:

spyctl diff -p <NAME_OR_UID1>,<NAME_OR_UID2>

# Bulk diff all files in cwd matching a pattern with relevant*

# Fingerprints from the last 24hrs to now:

spyctl diff -f *.yaml

# diff an existing applied policy with a local file:

spyctl diff -p <NAME_OR_UID> –with-file fingerprints.yaml

# diff a local file with data from an existing applied policy

spyctl diff -f policy.yaml -P <NAME_OR_UID>

# diff a local file with a valid UID in its metadata with the matching

# policy in the Spyderbat Backend

spyctl diff -f policy.yaml -P

• Each policy has one or more Selectors in its spec field,

relevant Fingerprints are those that match those Selectors.

For time field options such as –start-time and –end-time you can use (m) for minutes, (h) for hours (d) for days, and (w) for weeks back from now or provide timestamps in epoch format.

Note: Long time ranges or “get” commands in a context consisting of multiple machines can take a long time.

spyctl diff [OPTIONS]

Options

-f, --filename <filename>

Target file(s) of the diff. This argument is mutually exclusive with arguments: [policy].

-p, --policy <policy>

Target policy name(s) or uid(s) of the diff. If supplied with no argument, set to ‘all’. This argument is mutually exclusive with arguments: [filename].

-w, --with-file <with_file>

File to diff with target. This argument is mutually exclusive with arguments: [with_policy].

-P, --with-policy <with_policy>

Policy uid to diff with target. If supplied with no argument then spyctl will attempt to find a policy matching the uid in the target’s metadata. This argument is mutually exclusive with arguments: [with_file].

-l, --latest

Diff target with latest records using the value of ‘latestTimestamp’ in ‘metadata’. This replaces –start-time.

-t, --start-time <st>

Start time of the query for fingerprints to diff. Only used if –latest, –with-file, –with-policy are not set. Default is 24 hours ago.

-e, --end-time <et>

End time of the query for fingerprints to diff. Only used if –with-file, and –with-policy are not set. Default is now.

--full-diff

A diff summary is shown by default, set this flag to show the full object when viewing a diff. (All changes to the object are shown in the summary).

-o, --output <output>

Options:

yaml | json | ndjson | default

-y, --yes, --assume-yes

Automatic yes to prompts; assume “yes” as answer to all prompts and run non-interactively.

--include-network, --exclude-network

Include or exclude network data in the diff. Default is to include network data in the diff.

--colorize, --no-colorize

Specify coloration on or off. Default is on.

Use “spyctl <command> –help” for more information about a given command.

disable

Disable a Spyderbat resource.

spyctl disable [OPTIONS] COMMAND [ARGS]...

Use “spyctl <command> –help” for more information about a given command.

custom-flag

Disable a custom flag by name or uid.

spyctl disable custom-flag [OPTIONS] NAME_OR_ID

Options

-y, --yes

Automatically answer yes to all prompts.

Arguments

NAME_OR_ID

Required argument

Use “spyctl <command> –help” for more information about a given command.

edit

Edit resources by resource and name, or by resource and ids

spyctl edit [OPTIONS] [RESOURCE] [NAME_OR_ID]

Options

-f, --filename <filename>

Filename to use to edit the resource.

-y, --yes, --assume-yes

Automatic yes to prompts; assume “yes” as answer to all prompts and run non-interactively.

Arguments

RESOURCE

Optional argument

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

enable

Enable a Spyderbat resource.

spyctl enable [OPTIONS] COMMAND [ARGS]...

Use “spyctl <command> –help” for more information about a given command.

custom-flag

Enable a custom flag by name or uid.

spyctl enable custom-flag [OPTIONS] NAME_OR_ID

Options

-y, --yes

Automatically answer yes to all prompts.

Arguments

NAME_OR_ID

Required argument

Use “spyctl <command> –help” for more information about a given command.

export

Export Spyderbat Resources for later use to import.

spyctl export [OPTIONS] RESOURCE [NAME_OR_ID]

Options

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

--type <meta_type>

The type of policy to return.

Options:

trace | container | linux-service

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

Arguments

RESOURCE

Required argument

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

get

Get Spyderbat Resources.

spyctl get [OPTIONS] COMMAND [ARGS]...

Use “spyctl <command> –help” for more information about a given command.

agent-health-notification-settings

Get agent health notification settings.

spyctl get agent-health-notification-settings [OPTIONS] [NAME_OR_ID]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

--page <page>

Page number of resources to display.

--page-size <page_size>

Number of resources to display per page.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

--reversed

Reverse the order of the results.

--action-taken-equals <action_taken_equals>

Only show historical ‘audit’ resources generated by a specific user action, such as ‘insert’ or ‘delete’

Options:

insert | delete | update | enable | disable

--latest-version

Pulling from the historical ‘audit’ tables, only retrieve the latest version of the resources by uid.

--raw-data

--scope-query-equals <scope_query_equals>

Filter by scope query matching the specified string.

--scope-query-contains <scope_query_contains>

Filter by scope query containing the specified string.

--from-history

Include historical archive data in the output.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

agents

Get agents by name or id.

spyctl get agents [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--agent-arch-ends-with <agent_arch_ends_with>

Only show Agent resources where field ‘Agent Architecture’ ‘ends-with’ provided.

--agent-arch-starts-with <agent_arch_starts_with>

Only show Agent resources where field ‘Agent Architecture’ ‘starts-with’ provided.

--agent-arch-not-contains <agent_arch_not_contains>

Only show Agent resources where field ‘Agent Architecture’ ‘not-contains’ provided.

--agent-arch-contains <agent_arch_contains>

Only show Agent resources where field ‘Agent Architecture’ ‘contains’ provided.

--agent-arch-not-equals <agent_arch_not_equals>

Only show Agent resources where field ‘Agent Architecture’ ‘not-equals’ provided.

--agent-arch-equals <agent_arch_equals>

Only show Agent resources where field ‘Agent Architecture’ ‘equals’ provided.

--agent-type-ends-with <agent_type_ends_with>

Only show Agent resources where field ‘Agent Type’ ‘ends-with’ provided.

--agent-type-starts-with <agent_type_starts_with>

Only show Agent resources where field ‘Agent Type’ ‘starts-with’ provided.

--agent-type-not-contains <agent_type_not_contains>

Only show Agent resources where field ‘Agent Type’ ‘not-contains’ provided.

--agent-type-contains <agent_type_contains>

Only show Agent resources where field ‘Agent Type’ ‘contains’ provided.

--agent-type-not-equals <agent_type_not_equals>

Only show Agent resources where field ‘Agent Type’ ‘not-equals’ provided.

--agent-type-equals <agent_type_equals>

Only show Agent resources where field ‘Agent Type’ ‘equals’ provided.

--agent-version-ends-with <agent_version_ends_with>

Only show Agent resources where field ‘Agent Version’ ‘ends-with’ provided.

--agent-version-starts-with <agent_version_starts_with>

Only show Agent resources where field ‘Agent Version’ ‘starts-with’ provided.

--agent-version-not-contains <agent_version_not_contains>

Only show Agent resources where field ‘Agent Version’ ‘not-contains’ provided.

--agent-version-contains <agent_version_contains>

Only show Agent resources where field ‘Agent Version’ ‘contains’ provided.

--agent-version-not-equals <agent_version_not_equals>

Only show Agent resources where field ‘Agent Version’ ‘not-equals’ provided.

--agent-version-equals <agent_version_equals>

Only show Agent resources where field ‘Agent Version’ ‘equals’ provided.

--is-ephemeral <is_ephemeral>

Only show Agent resources where field ‘Is Ephemeral’ matches the provided boolean value.

--hostname-ends-with <hostname_ends_with>

Only show Agent resources where field ‘Hostname’ ‘ends-with’ provided.

--hostname-starts-with <hostname_starts_with>

Only show Agent resources where field ‘Hostname’ ‘starts-with’ provided.

--hostname-not-contains <hostname_not_contains>

Only show Agent resources where field ‘Hostname’ ‘not-contains’ provided.

--hostname-contains <hostname_contains>

Only show Agent resources where field ‘Hostname’ ‘contains’ provided.

--hostname-not-equals <hostname_not_equals>

Only show Agent resources where field ‘Hostname’ ‘not-equals’ provided.

--hostname-equals <hostname_equals>

Only show Agent resources where field ‘Hostname’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Agent resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Agent resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Agent resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Agent resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Agent resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Agent resources where field ‘UID’ ‘equals’ provided.

--muid-ends-with <muid_ends_with>

Only show Agent resources where field ‘Machine UID’ ‘ends-with’ provided.

--muid-starts-with <muid_starts_with>

Only show Agent resources where field ‘Machine UID’ ‘starts-with’ provided.

--muid-not-contains <muid_not_contains>

Only show Agent resources where field ‘Machine UID’ ‘not-contains’ provided.

--muid-contains <muid_contains>

Only show Agent resources where field ‘Machine UID’ ‘contains’ provided.

--muid-not-equals <muid_not_equals>

Only show Agent resources where field ‘Machine UID’ ‘not-equals’ provided.

--muid-equals <muid_equals>

Only show Agent resources where field ‘Machine UID’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Agent resources where field ‘original_schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Agent resources where field ‘original_schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Agent resources where field ‘original_schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Agent resources where field ‘original_schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Agent resources where field ‘original_schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Agent resources where field ‘original_schema’ ‘equals’ provided.

--os-pretty-name-ends-with <os_pretty_name_ends_with>

Only show Agent resources where field ‘OS Pretty Name’ ‘ends-with’ provided.

--os-pretty-name-starts-with <os_pretty_name_starts_with>

Only show Agent resources where field ‘OS Pretty Name’ ‘starts-with’ provided.

--os-pretty-name-not-contains <os_pretty_name_not_contains>

Only show Agent resources where field ‘OS Pretty Name’ ‘not-contains’ provided.

--os-pretty-name-contains <os_pretty_name_contains>

Only show Agent resources where field ‘OS Pretty Name’ ‘contains’ provided.

--os-pretty-name-not-equals <os_pretty_name_not_equals>

Only show Agent resources where field ‘OS Pretty Name’ ‘not-equals’ provided.

--os-pretty-name-equals <os_pretty_name_equals>

Only show Agent resources where field ‘OS Pretty Name’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Agent resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Agent resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Agent resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Agent resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Agent resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Agent resources where field ‘Schema’ ‘equals’ provided.

--status-ends-with <status_ends_with>

Only show Agent resources where field ‘Status’ ‘ends-with’ provided.

--status-starts-with <status_starts_with>

Only show Agent resources where field ‘Status’ ‘starts-with’ provided.

--status-not-contains <status_not_contains>

Only show Agent resources where field ‘Status’ ‘not-contains’ provided.

--status-contains <status_contains>

Only show Agent resources where field ‘Status’ ‘contains’ provided.

--status-not-equals <status_not_equals>

Only show Agent resources where field ‘Status’ ‘not-equals’ provided.

--status-equals <status_equals>

Only show Agent resources where field ‘Status’ ‘equals’ provided.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

bash-cmds

Get bash commands.

spyctl get bash-cmds [OPTIONS] [NAME_OR_ID]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--cwd <cwd>

Filter by cwd.

--euser <euser>

Filter by effective user.

--machine-uid <machine_uid>

Filter by machine.

--process-uid <process_uid>

Filter by process.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

clusterrolebindings

Get clusterrolebindings by name or id.

spyctl get clusterrolebindings [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--cluster-name-ends-with <cluster_name_ends_with>

Only show Cluster Role Binding resources where field ‘Cluster Name’ ‘ends-with’ provided.

--cluster-name-starts-with <cluster_name_starts_with>

Only show Cluster Role Binding resources where field ‘Cluster Name’ ‘starts-with’ provided.

--cluster-name-not-contains <cluster_name_not_contains>

Only show Cluster Role Binding resources where field ‘Cluster Name’ ‘not-contains’ provided.

--cluster-name-contains <cluster_name_contains>

Only show Cluster Role Binding resources where field ‘Cluster Name’ ‘contains’ provided.

--cluster-name-not-equals <cluster_name_not_equals>

Only show Cluster Role Binding resources where field ‘Cluster Name’ ‘not-equals’ provided.

--cluster-name-equals <cluster_name_equals>

Only show Cluster Role Binding resources where field ‘Cluster Name’ ‘equals’ provided.

--cluster-uid-ends-with <cluster_uid_ends_with>

Only show Cluster Role Binding resources where field ‘Cluster UID’ ‘ends-with’ provided.

--cluster-uid-starts-with <cluster_uid_starts_with>

Only show Cluster Role Binding resources where field ‘Cluster UID’ ‘starts-with’ provided.

--cluster-uid-not-contains <cluster_uid_not_contains>

Only show Cluster Role Binding resources where field ‘Cluster UID’ ‘not-contains’ provided.

--cluster-uid-contains <cluster_uid_contains>

Only show Cluster Role Binding resources where field ‘Cluster UID’ ‘contains’ provided.

--cluster-uid-not-equals <cluster_uid_not_equals>

Only show Cluster Role Binding resources where field ‘Cluster UID’ ‘not-equals’ provided.

--cluster-uid-equals <cluster_uid_equals>

Only show Cluster Role Binding resources where field ‘Cluster UID’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Cluster Role Binding resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Cluster Role Binding resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Cluster Role Binding resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Cluster Role Binding resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Cluster Role Binding resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Cluster Role Binding resources where field ‘UID’ ‘equals’ provided.

--kind-ends-with <kind_ends_with>

Only show Cluster Role Binding resources where field ‘Kind’ ‘ends-with’ provided.

--kind-starts-with <kind_starts_with>

Only show Cluster Role Binding resources where field ‘Kind’ ‘starts-with’ provided.

--kind-not-contains <kind_not_contains>

Only show Cluster Role Binding resources where field ‘Kind’ ‘not-contains’ provided.

--kind-contains <kind_contains>

Only show Cluster Role Binding resources where field ‘Kind’ ‘contains’ provided.

--kind-not-equals <kind_not_equals>

Only show Cluster Role Binding resources where field ‘Kind’ ‘not-equals’ provided.

--kind-equals <kind_equals>

Only show Cluster Role Binding resources where field ‘Kind’ ‘equals’ provided.

--metadata_labels-any-value-contains <metadata_labels_any_value_contains>

Only show Cluster Role Binding resources where field ‘Labels’ ‘any-value-contains’ provided.

--metadata_labels-any-value-equals <metadata_labels_any_value_equals>

Only show Cluster Role Binding resources where field ‘Labels’ ‘any-value-equals’ provided.

--metadata_labels-any-key-contains <metadata_labels_any_key_contains>

Only show Cluster Role Binding resources where field ‘Labels’ ‘any-key-contains’ provided.

--metadata_labels-any-key-equals <metadata_labels_any_key_equals>

Only show Cluster Role Binding resources where field ‘Labels’ ‘any-key-equals’ provided.

--metadata_name-ends-with <metadata_name_ends_with>

Only show Cluster Role Binding resources where field ‘Name’ ‘ends-with’ provided.

--metadata_name-starts-with <metadata_name_starts_with>

Only show Cluster Role Binding resources where field ‘Name’ ‘starts-with’ provided.

--metadata_name-not-contains <metadata_name_not_contains>

Only show Cluster Role Binding resources where field ‘Name’ ‘not-contains’ provided.

--metadata_name-contains <metadata_name_contains>

Only show Cluster Role Binding resources where field ‘Name’ ‘contains’ provided.

--metadata_name-not-equals <metadata_name_not_equals>

Only show Cluster Role Binding resources where field ‘Name’ ‘not-equals’ provided.

--metadata_name-equals <metadata_name_equals>

Only show Cluster Role Binding resources where field ‘Name’ ‘equals’ provided.

--metadata_uid-ends-with <metadata_uid_ends_with>

Only show Cluster Role Binding resources where field ‘Kubernetes UID’ ‘ends-with’ provided.

--metadata_uid-starts-with <metadata_uid_starts_with>

Only show Cluster Role Binding resources where field ‘Kubernetes UID’ ‘starts-with’ provided.

--metadata_uid-not-contains <metadata_uid_not_contains>

Only show Cluster Role Binding resources where field ‘Kubernetes UID’ ‘not-contains’ provided.

--metadata_uid-contains <metadata_uid_contains>

Only show Cluster Role Binding resources where field ‘Kubernetes UID’ ‘contains’ provided.

--metadata_uid-not-equals <metadata_uid_not_equals>

Only show Cluster Role Binding resources where field ‘Kubernetes UID’ ‘not-equals’ provided.

--metadata_uid-equals <metadata_uid_equals>

Only show Cluster Role Binding resources where field ‘Kubernetes UID’ ‘equals’ provided.

--ops-flag-count-lt <ops_flag_count_lt>

Only show Cluster Role Binding resources where field ‘Ops Flag Count’ ‘lt’ provided.

--ops-flag-count-gte <ops_flag_count_gte>

Only show Cluster Role Binding resources where field ‘Ops Flag Count’ ‘gte’ provided.

--ops-flag-count-gt <ops_flag_count_gt>

Only show Cluster Role Binding resources where field ‘Ops Flag Count’ ‘gt’ provided.

--ops-flag-count-not-equals <ops_flag_count_not_equals>

Only show Cluster Role Binding resources where field ‘Ops Flag Count’ ‘not-equals’ provided.

--ops-flag-count-equals <ops_flag_count_equals>

Only show Cluster Role Binding resources where field ‘Ops Flag Count’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Cluster Role Binding resources where field ‘Original schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Cluster Role Binding resources where field ‘Original schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Cluster Role Binding resources where field ‘Original schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Cluster Role Binding resources where field ‘Original schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Cluster Role Binding resources where field ‘Original schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Cluster Role Binding resources where field ‘Original schema’ ‘equals’ provided.

--red-flag-count-lt <red_flag_count_lt>

Only show Cluster Role Binding resources where field ‘Red Flag Count’ ‘lt’ provided.

--red-flag-count-gte <red_flag_count_gte>

Only show Cluster Role Binding resources where field ‘Red Flag Count’ ‘gte’ provided.

--red-flag-count-gt <red_flag_count_gt>

Only show Cluster Role Binding resources where field ‘Red Flag Count’ ‘gt’ provided.

--red-flag-count-not-equals <red_flag_count_not_equals>

Only show Cluster Role Binding resources where field ‘Red Flag Count’ ‘not-equals’ provided.

--red-flag-count-equals <red_flag_count_equals>

Only show Cluster Role Binding resources where field ‘Red Flag Count’ ‘equals’ provided.

--roleRef_role-uid-ends-with <roleref_role_uid_ends_with>

Only show Cluster Role Binding resources where field ‘Cluster Role UID’ ‘ends-with’ provided.

--roleRef_role-uid-starts-with <roleref_role_uid_starts_with>

Only show Cluster Role Binding resources where field ‘Cluster Role UID’ ‘starts-with’ provided.

--roleRef_role-uid-not-contains <roleref_role_uid_not_contains>

Only show Cluster Role Binding resources where field ‘Cluster Role UID’ ‘not-contains’ provided.

--roleRef_role-uid-contains <roleref_role_uid_contains>

Only show Cluster Role Binding resources where field ‘Cluster Role UID’ ‘contains’ provided.

--roleRef_role-uid-not-equals <roleref_role_uid_not_equals>

Only show Cluster Role Binding resources where field ‘Cluster Role UID’ ‘not-equals’ provided.

--roleRef_role-uid-equals <roleref_role_uid_equals>

Only show Cluster Role Binding resources where field ‘Cluster Role UID’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Cluster Role Binding resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Cluster Role Binding resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Cluster Role Binding resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Cluster Role Binding resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Cluster Role Binding resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Cluster Role Binding resources where field ‘Schema’ ‘equals’ provided.

--status-ends-with <status_ends_with>

Only show Cluster Role Binding resources where field ‘Status’ ‘ends-with’ provided.

--status-starts-with <status_starts_with>

Only show Cluster Role Binding resources where field ‘Status’ ‘starts-with’ provided.

--status-not-contains <status_not_contains>

Only show Cluster Role Binding resources where field ‘Status’ ‘not-contains’ provided.

--status-contains <status_contains>

Only show Cluster Role Binding resources where field ‘Status’ ‘contains’ provided.

--status-not-equals <status_not_equals>

Only show Cluster Role Binding resources where field ‘Status’ ‘not-equals’ provided.

--status-equals <status_equals>

Only show Cluster Role Binding resources where field ‘Status’ ‘equals’ provided.

--subject-uids-all-items-not-contains <subject_uids_all_items_not_contains>

Only show Cluster Role Binding resources where field ‘Subjects’ ‘all-items-not-contains’ provided.

--subject-uids-all-items-not-equals <subject_uids_all_items_not_equals>

Only show Cluster Role Binding resources where field ‘Subjects’ ‘all-items-not-equals’ provided.

--subject-uids-any-item-contains <subject_uids_any_item_contains>

Only show Cluster Role Binding resources where field ‘Subjects’ ‘any-item-contains’ provided.

--subject-uids-any-item-equals <subject_uids_any_item_equals>

Only show Cluster Role Binding resources where field ‘Subjects’ ‘any-item-equals’ provided.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

clusterroles

Get clusterroles by name or id.

spyctl get clusterroles [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--cluster-name-ends-with <cluster_name_ends_with>

Only show Cluster Role resources where field ‘Cluster Name’ ‘ends-with’ provided.

--cluster-name-starts-with <cluster_name_starts_with>

Only show Cluster Role resources where field ‘Cluster Name’ ‘starts-with’ provided.

--cluster-name-not-contains <cluster_name_not_contains>

Only show Cluster Role resources where field ‘Cluster Name’ ‘not-contains’ provided.

--cluster-name-contains <cluster_name_contains>

Only show Cluster Role resources where field ‘Cluster Name’ ‘contains’ provided.

--cluster-name-not-equals <cluster_name_not_equals>

Only show Cluster Role resources where field ‘Cluster Name’ ‘not-equals’ provided.

--cluster-name-equals <cluster_name_equals>

Only show Cluster Role resources where field ‘Cluster Name’ ‘equals’ provided.

--cluster-uid-ends-with <cluster_uid_ends_with>

Only show Cluster Role resources where field ‘Cluster UID’ ‘ends-with’ provided.

--cluster-uid-starts-with <cluster_uid_starts_with>

Only show Cluster Role resources where field ‘Cluster UID’ ‘starts-with’ provided.

--cluster-uid-not-contains <cluster_uid_not_contains>

Only show Cluster Role resources where field ‘Cluster UID’ ‘not-contains’ provided.

--cluster-uid-contains <cluster_uid_contains>

Only show Cluster Role resources where field ‘Cluster UID’ ‘contains’ provided.

--cluster-uid-not-equals <cluster_uid_not_equals>

Only show Cluster Role resources where field ‘Cluster UID’ ‘not-equals’ provided.

--cluster-uid-equals <cluster_uid_equals>

Only show Cluster Role resources where field ‘Cluster UID’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Cluster Role resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Cluster Role resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Cluster Role resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Cluster Role resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Cluster Role resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Cluster Role resources where field ‘UID’ ‘equals’ provided.

--kind-ends-with <kind_ends_with>

Only show Cluster Role resources where field ‘Kind’ ‘ends-with’ provided.

--kind-starts-with <kind_starts_with>

Only show Cluster Role resources where field ‘Kind’ ‘starts-with’ provided.

--kind-not-contains <kind_not_contains>

Only show Cluster Role resources where field ‘Kind’ ‘not-contains’ provided.

--kind-contains <kind_contains>

Only show Cluster Role resources where field ‘Kind’ ‘contains’ provided.

--kind-not-equals <kind_not_equals>

Only show Cluster Role resources where field ‘Kind’ ‘not-equals’ provided.

--kind-equals <kind_equals>

Only show Cluster Role resources where field ‘Kind’ ‘equals’ provided.

--metadata_labels-any-value-contains <metadata_labels_any_value_contains>

Only show Cluster Role resources where field ‘Labels’ ‘any-value-contains’ provided.

--metadata_labels-any-value-equals <metadata_labels_any_value_equals>

Only show Cluster Role resources where field ‘Labels’ ‘any-value-equals’ provided.

--metadata_labels-any-key-contains <metadata_labels_any_key_contains>

Only show Cluster Role resources where field ‘Labels’ ‘any-key-contains’ provided.

--metadata_labels-any-key-equals <metadata_labels_any_key_equals>

Only show Cluster Role resources where field ‘Labels’ ‘any-key-equals’ provided.

--metadata_name-ends-with <metadata_name_ends_with>

Only show Cluster Role resources where field ‘Name’ ‘ends-with’ provided.

--metadata_name-starts-with <metadata_name_starts_with>

Only show Cluster Role resources where field ‘Name’ ‘starts-with’ provided.

--metadata_name-not-contains <metadata_name_not_contains>

Only show Cluster Role resources where field ‘Name’ ‘not-contains’ provided.

--metadata_name-contains <metadata_name_contains>

Only show Cluster Role resources where field ‘Name’ ‘contains’ provided.

--metadata_name-not-equals <metadata_name_not_equals>

Only show Cluster Role resources where field ‘Name’ ‘not-equals’ provided.

--metadata_name-equals <metadata_name_equals>

Only show Cluster Role resources where field ‘Name’ ‘equals’ provided.

--metadata_uid-ends-with <metadata_uid_ends_with>

Only show Cluster Role resources where field ‘Kubernetes UID’ ‘ends-with’ provided.

--metadata_uid-starts-with <metadata_uid_starts_with>

Only show Cluster Role resources where field ‘Kubernetes UID’ ‘starts-with’ provided.

--metadata_uid-not-contains <metadata_uid_not_contains>

Only show Cluster Role resources where field ‘Kubernetes UID’ ‘not-contains’ provided.

--metadata_uid-contains <metadata_uid_contains>

Only show Cluster Role resources where field ‘Kubernetes UID’ ‘contains’ provided.

--metadata_uid-not-equals <metadata_uid_not_equals>

Only show Cluster Role resources where field ‘Kubernetes UID’ ‘not-equals’ provided.

--metadata_uid-equals <metadata_uid_equals>

Only show Cluster Role resources where field ‘Kubernetes UID’ ‘equals’ provided.

--ops-flag-count-lt <ops_flag_count_lt>

Only show Cluster Role resources where field ‘Ops Flag Count’ ‘lt’ provided.

--ops-flag-count-gte <ops_flag_count_gte>

Only show Cluster Role resources where field ‘Ops Flag Count’ ‘gte’ provided.

--ops-flag-count-gt <ops_flag_count_gt>

Only show Cluster Role resources where field ‘Ops Flag Count’ ‘gt’ provided.

--ops-flag-count-not-equals <ops_flag_count_not_equals>

Only show Cluster Role resources where field ‘Ops Flag Count’ ‘not-equals’ provided.

--ops-flag-count-equals <ops_flag_count_equals>

Only show Cluster Role resources where field ‘Ops Flag Count’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Cluster Role resources where field ‘Original schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Cluster Role resources where field ‘Original schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Cluster Role resources where field ‘Original schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Cluster Role resources where field ‘Original schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Cluster Role resources where field ‘Original schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Cluster Role resources where field ‘Original schema’ ‘equals’ provided.

--red-flag-count-lt <red_flag_count_lt>

Only show Cluster Role resources where field ‘Red Flag Count’ ‘lt’ provided.

--red-flag-count-gte <red_flag_count_gte>

Only show Cluster Role resources where field ‘Red Flag Count’ ‘gte’ provided.

--red-flag-count-gt <red_flag_count_gt>

Only show Cluster Role resources where field ‘Red Flag Count’ ‘gt’ provided.

--red-flag-count-not-equals <red_flag_count_not_equals>

Only show Cluster Role resources where field ‘Red Flag Count’ ‘not-equals’ provided.

--red-flag-count-equals <red_flag_count_equals>

Only show Cluster Role resources where field ‘Red Flag Count’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Cluster Role resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Cluster Role resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Cluster Role resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Cluster Role resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Cluster Role resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Cluster Role resources where field ‘Schema’ ‘equals’ provided.

--status-ends-with <status_ends_with>

Only show Cluster Role resources where field ‘Status’ ‘ends-with’ provided.

--status-starts-with <status_starts_with>

Only show Cluster Role resources where field ‘Status’ ‘starts-with’ provided.

--status-not-contains <status_not_contains>

Only show Cluster Role resources where field ‘Status’ ‘not-contains’ provided.

--status-contains <status_contains>

Only show Cluster Role resources where field ‘Status’ ‘contains’ provided.

--status-not-equals <status_not_equals>

Only show Cluster Role resources where field ‘Status’ ‘not-equals’ provided.

--status-equals <status_equals>

Only show Cluster Role resources where field ‘Status’ ‘equals’ provided.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

clusters

Get clusters by name or id.

spyctl get clusters [OPTIONS] [NAME_OR_ID]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

connection-bundles

Get containers by name or id.

spyctl get connection-bundles [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--client-asn-lt <client_asn_lt>

Only show Connection Bundle resources where field ‘Client ASN’ ‘lt’ provided.

--client-asn-gte <client_asn_gte>

Only show Connection Bundle resources where field ‘Client ASN’ ‘gte’ provided.

--client-asn-gt <client_asn_gt>

Only show Connection Bundle resources where field ‘Client ASN’ ‘gt’ provided.

--client-asn-not-equals <client_asn_not_equals>

Only show Connection Bundle resources where field ‘Client ASN’ ‘not-equals’ provided.

--client-asn-equals <client_asn_equals>

Only show Connection Bundle resources where field ‘Client ASN’ ‘equals’ provided.

--client-asn-country-ends-with <client_asn_country_ends_with>

Only show Connection Bundle resources where field ‘Client ASN Country’ ‘ends-with’ provided.

--client-asn-country-starts-with <client_asn_country_starts_with>

Only show Connection Bundle resources where field ‘Client ASN Country’ ‘starts-with’ provided.

--client-asn-country-not-contains <client_asn_country_not_contains>

Only show Connection Bundle resources where field ‘Client ASN Country’ ‘not-contains’ provided.

--client-asn-country-contains <client_asn_country_contains>

Only show Connection Bundle resources where field ‘Client ASN Country’ ‘contains’ provided.

--client-asn-country-not-equals <client_asn_country_not_equals>

Only show Connection Bundle resources where field ‘Client ASN Country’ ‘not-equals’ provided.

--client-asn-country-equals <client_asn_country_equals>

Only show Connection Bundle resources where field ‘Client ASN Country’ ‘equals’ provided.

--client-asn-name-ends-with <client_asn_name_ends_with>

Only show Connection Bundle resources where field ‘Client ASN Name’ ‘ends-with’ provided.

--client-asn-name-starts-with <client_asn_name_starts_with>

Only show Connection Bundle resources where field ‘Client ASN Name’ ‘starts-with’ provided.

--client-asn-name-not-contains <client_asn_name_not_contains>

Only show Connection Bundle resources where field ‘Client ASN Name’ ‘not-contains’ provided.

--client-asn-name-contains <client_asn_name_contains>

Only show Connection Bundle resources where field ‘Client ASN Name’ ‘contains’ provided.

--client-asn-name-not-equals <client_asn_name_not_equals>

Only show Connection Bundle resources where field ‘Client ASN Name’ ‘not-equals’ provided.

--client-asn-name-equals <client_asn_name_equals>

Only show Connection Bundle resources where field ‘Client ASN Name’ ‘equals’ provided.

--client-cloud-name-ends-with <client_cloud_name_ends_with>

Only show Connection Bundle resources where field ‘Client Cloud Name’ ‘ends-with’ provided.

--client-cloud-name-starts-with <client_cloud_name_starts_with>

Only show Connection Bundle resources where field ‘Client Cloud Name’ ‘starts-with’ provided.

--client-cloud-name-not-contains <client_cloud_name_not_contains>

Only show Connection Bundle resources where field ‘Client Cloud Name’ ‘not-contains’ provided.

--client-cloud-name-contains <client_cloud_name_contains>

Only show Connection Bundle resources where field ‘Client Cloud Name’ ‘contains’ provided.

--client-cloud-name-not-equals <client_cloud_name_not_equals>

Only show Connection Bundle resources where field ‘Client Cloud Name’ ‘not-equals’ provided.

--client-cloud-name-equals <client_cloud_name_equals>

Only show Connection Bundle resources where field ‘Client Cloud Name’ ‘equals’ provided.

--client-cluster-uid-ends-with <client_cluster_uid_ends_with>

Only show Connection Bundle resources where field ‘Client Cluster UID’ ‘ends-with’ provided.

--client-cluster-uid-starts-with <client_cluster_uid_starts_with>

Only show Connection Bundle resources where field ‘Client Cluster UID’ ‘starts-with’ provided.

--client-cluster-uid-not-contains <client_cluster_uid_not_contains>

Only show Connection Bundle resources where field ‘Client Cluster UID’ ‘not-contains’ provided.

--client-cluster-uid-contains <client_cluster_uid_contains>

Only show Connection Bundle resources where field ‘Client Cluster UID’ ‘contains’ provided.

--client-cluster-uid-not-equals <client_cluster_uid_not_equals>

Only show Connection Bundle resources where field ‘Client Cluster UID’ ‘not-equals’ provided.

--client-cluster-uid-equals <client_cluster_uid_equals>

Only show Connection Bundle resources where field ‘Client Cluster UID’ ‘equals’ provided.

--client-container-uid-ends-with <client_container_uid_ends_with>

Only show Connection Bundle resources where field ‘Client Container UID’ ‘ends-with’ provided.

--client-container-uid-starts-with <client_container_uid_starts_with>

Only show Connection Bundle resources where field ‘Client Container UID’ ‘starts-with’ provided.

--client-container-uid-not-contains <client_container_uid_not_contains>

Only show Connection Bundle resources where field ‘Client Container UID’ ‘not-contains’ provided.

--client-container-uid-contains <client_container_uid_contains>

Only show Connection Bundle resources where field ‘Client Container UID’ ‘contains’ provided.

--client-container-uid-not-equals <client_container_uid_not_equals>

Only show Connection Bundle resources where field ‘Client Container UID’ ‘not-equals’ provided.

--client-container-uid-equals <client_container_uid_equals>

Only show Connection Bundle resources where field ‘Client Container UID’ ‘equals’ provided.

--client-dns-name-ends-with <client_dns_name_ends_with>

Only show Connection Bundle resources where field ‘Client DNS Name’ ‘ends-with’ provided.

--client-dns-name-starts-with <client_dns_name_starts_with>

Only show Connection Bundle resources where field ‘Client DNS Name’ ‘starts-with’ provided.

--client-dns-name-not-contains <client_dns_name_not_contains>

Only show Connection Bundle resources where field ‘Client DNS Name’ ‘not-contains’ provided.

--client-dns-name-contains <client_dns_name_contains>

Only show Connection Bundle resources where field ‘Client DNS Name’ ‘contains’ provided.

--client-dns-name-not-equals <client_dns_name_not_equals>

Only show Connection Bundle resources where field ‘Client DNS Name’ ‘not-equals’ provided.

--client-dns-name-equals <client_dns_name_equals>

Only show Connection Bundle resources where field ‘Client DNS Name’ ‘equals’ provided.

--client-ip-not-in-subnet <client_ip_not_in_subnet>

Only show Connection Bundle resources where field ‘Client IP’ ‘not-in-subnet’ provided.

--client-ip-in-subnet <client_ip_in_subnet>

Only show Connection Bundle resources where field ‘Client IP’ ‘in-subnet’ provided.

--client-ip-not-equals <client_ip_not_equals>

Only show Connection Bundle resources where field ‘Client IP’ ‘not-equals’ provided.

--client-ip-equals <client_ip_equals>

Only show Connection Bundle resources where field ‘Client IP’ ‘equals’ provided.

--client-muid-ends-with <client_muid_ends_with>

Only show Connection Bundle resources where field ‘Client Machine UID’ ‘ends-with’ provided.

--client-muid-starts-with <client_muid_starts_with>

Only show Connection Bundle resources where field ‘Client Machine UID’ ‘starts-with’ provided.

--client-muid-not-contains <client_muid_not_contains>

Only show Connection Bundle resources where field ‘Client Machine UID’ ‘not-contains’ provided.

--client-muid-contains <client_muid_contains>

Only show Connection Bundle resources where field ‘Client Machine UID’ ‘contains’ provided.

--client-muid-not-equals <client_muid_not_equals>

Only show Connection Bundle resources where field ‘Client Machine UID’ ‘not-equals’ provided.

--client-muid-equals <client_muid_equals>

Only show Connection Bundle resources where field ‘Client Machine UID’ ‘equals’ provided.

--client-pod-uid-ends-with <client_pod_uid_ends_with>

Only show Connection Bundle resources where field ‘Client Pod UID’ ‘ends-with’ provided.

--client-pod-uid-starts-with <client_pod_uid_starts_with>

Only show Connection Bundle resources where field ‘Client Pod UID’ ‘starts-with’ provided.

--client-pod-uid-not-contains <client_pod_uid_not_contains>

Only show Connection Bundle resources where field ‘Client Pod UID’ ‘not-contains’ provided.

--client-pod-uid-contains <client_pod_uid_contains>

Only show Connection Bundle resources where field ‘Client Pod UID’ ‘contains’ provided.

--client-pod-uid-not-equals <client_pod_uid_not_equals>

Only show Connection Bundle resources where field ‘Client Pod UID’ ‘not-equals’ provided.

--client-pod-uid-equals <client_pod_uid_equals>

Only show Connection Bundle resources where field ‘Client Pod UID’ ‘equals’ provided.

--client-proc-name-ends-with <client_proc_name_ends_with>

Only show Connection Bundle resources where field ‘Client Process Name’ ‘ends-with’ provided.

--client-proc-name-starts-with <client_proc_name_starts_with>

Only show Connection Bundle resources where field ‘Client Process Name’ ‘starts-with’ provided.

--client-proc-name-not-contains <client_proc_name_not_contains>

Only show Connection Bundle resources where field ‘Client Process Name’ ‘not-contains’ provided.

--client-proc-name-contains <client_proc_name_contains>

Only show Connection Bundle resources where field ‘Client Process Name’ ‘contains’ provided.

--client-proc-name-not-equals <client_proc_name_not_equals>

Only show Connection Bundle resources where field ‘Client Process Name’ ‘not-equals’ provided.

--client-proc-name-equals <client_proc_name_equals>

Only show Connection Bundle resources where field ‘Client Process Name’ ‘equals’ provided.

--client-puid-ends-with <client_puid_ends_with>

Only show Connection Bundle resources where field ‘Client Process UID’ ‘ends-with’ provided.

--client-puid-starts-with <client_puid_starts_with>

Only show Connection Bundle resources where field ‘Client Process UID’ ‘starts-with’ provided.

--client-puid-not-contains <client_puid_not_contains>

Only show Connection Bundle resources where field ‘Client Process UID’ ‘not-contains’ provided.

--client-puid-contains <client_puid_contains>

Only show Connection Bundle resources where field ‘Client Process UID’ ‘contains’ provided.

--client-puid-not-equals <client_puid_not_equals>

Only show Connection Bundle resources where field ‘Client Process UID’ ‘not-equals’ provided.

--client-puid-equals <client_puid_equals>

Only show Connection Bundle resources where field ‘Client Process UID’ ‘equals’ provided.

--client-type-ends-with <client_type_ends_with>

Only show Connection Bundle resources where field ‘’ ‘ends-with’ provided.

--client-type-starts-with <client_type_starts_with>

Only show Connection Bundle resources where field ‘’ ‘starts-with’ provided.

--client-type-not-contains <client_type_not_contains>

Only show Connection Bundle resources where field ‘’ ‘not-contains’ provided.

--client-type-contains <client_type_contains>

Only show Connection Bundle resources where field ‘’ ‘contains’ provided.

--client-type-not-equals <client_type_not_equals>

Only show Connection Bundle resources where field ‘’ ‘not-equals’ provided.

--client-type-equals <client_type_equals>

Only show Connection Bundle resources where field ‘’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Connection Bundle resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Connection Bundle resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Connection Bundle resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Connection Bundle resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Connection Bundle resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Connection Bundle resources where field ‘UID’ ‘equals’ provided.

--num-connections-lt <num_connections_lt>

Only show Connection Bundle resources where field ‘Number of Connections’ ‘lt’ provided.

--num-connections-gte <num_connections_gte>

Only show Connection Bundle resources where field ‘Number of Connections’ ‘gte’ provided.

--num-connections-gt <num_connections_gt>

Only show Connection Bundle resources where field ‘Number of Connections’ ‘gt’ provided.

--num-connections-not-equals <num_connections_not_equals>

Only show Connection Bundle resources where field ‘Number of Connections’ ‘not-equals’ provided.

--num-connections-equals <num_connections_equals>

Only show Connection Bundle resources where field ‘Number of Connections’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Connection Bundle resources where field ‘Original schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Connection Bundle resources where field ‘Original schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Connection Bundle resources where field ‘Original schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Connection Bundle resources where field ‘Original schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Connection Bundle resources where field ‘Original schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Connection Bundle resources where field ‘Original schema’ ‘equals’ provided.

--proto-ends-with <proto_ends_with>

Only show Connection Bundle resources where field ‘’ ‘ends-with’ provided.

--proto-starts-with <proto_starts_with>

Only show Connection Bundle resources where field ‘’ ‘starts-with’ provided.

--proto-not-contains <proto_not_contains>

Only show Connection Bundle resources where field ‘’ ‘not-contains’ provided.

--proto-contains <proto_contains>

Only show Connection Bundle resources where field ‘’ ‘contains’ provided.

--proto-not-equals <proto_not_equals>

Only show Connection Bundle resources where field ‘’ ‘not-equals’ provided.

--proto-equals <proto_equals>

Only show Connection Bundle resources where field ‘’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Connection Bundle resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Connection Bundle resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Connection Bundle resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Connection Bundle resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Connection Bundle resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Connection Bundle resources where field ‘Schema’ ‘equals’ provided.

--server-asn-lt <server_asn_lt>

Only show Connection Bundle resources where field ‘Server ASN’ ‘lt’ provided.

--server-asn-gte <server_asn_gte>

Only show Connection Bundle resources where field ‘Server ASN’ ‘gte’ provided.

--server-asn-gt <server_asn_gt>

Only show Connection Bundle resources where field ‘Server ASN’ ‘gt’ provided.

--server-asn-not-equals <server_asn_not_equals>

Only show Connection Bundle resources where field ‘Server ASN’ ‘not-equals’ provided.

--server-asn-equals <server_asn_equals>

Only show Connection Bundle resources where field ‘Server ASN’ ‘equals’ provided.

--server-asn-country-ends-with <server_asn_country_ends_with>

Only show Connection Bundle resources where field ‘Server ASN Country’ ‘ends-with’ provided.

--server-asn-country-starts-with <server_asn_country_starts_with>

Only show Connection Bundle resources where field ‘Server ASN Country’ ‘starts-with’ provided.

--server-asn-country-not-contains <server_asn_country_not_contains>

Only show Connection Bundle resources where field ‘Server ASN Country’ ‘not-contains’ provided.

--server-asn-country-contains <server_asn_country_contains>

Only show Connection Bundle resources where field ‘Server ASN Country’ ‘contains’ provided.

--server-asn-country-not-equals <server_asn_country_not_equals>

Only show Connection Bundle resources where field ‘Server ASN Country’ ‘not-equals’ provided.

--server-asn-country-equals <server_asn_country_equals>

Only show Connection Bundle resources where field ‘Server ASN Country’ ‘equals’ provided.

--server-asn-name-ends-with <server_asn_name_ends_with>

Only show Connection Bundle resources where field ‘Server ASN Name’ ‘ends-with’ provided.

--server-asn-name-starts-with <server_asn_name_starts_with>

Only show Connection Bundle resources where field ‘Server ASN Name’ ‘starts-with’ provided.

--server-asn-name-not-contains <server_asn_name_not_contains>

Only show Connection Bundle resources where field ‘Server ASN Name’ ‘not-contains’ provided.

--server-asn-name-contains <server_asn_name_contains>

Only show Connection Bundle resources where field ‘Server ASN Name’ ‘contains’ provided.

--server-asn-name-not-equals <server_asn_name_not_equals>

Only show Connection Bundle resources where field ‘Server ASN Name’ ‘not-equals’ provided.

--server-asn-name-equals <server_asn_name_equals>

Only show Connection Bundle resources where field ‘Server ASN Name’ ‘equals’ provided.

--server-cloud-name-ends-with <server_cloud_name_ends_with>

Only show Connection Bundle resources where field ‘Server Cloud Name’ ‘ends-with’ provided.

--server-cloud-name-starts-with <server_cloud_name_starts_with>

Only show Connection Bundle resources where field ‘Server Cloud Name’ ‘starts-with’ provided.

--server-cloud-name-not-contains <server_cloud_name_not_contains>

Only show Connection Bundle resources where field ‘Server Cloud Name’ ‘not-contains’ provided.

--server-cloud-name-contains <server_cloud_name_contains>

Only show Connection Bundle resources where field ‘Server Cloud Name’ ‘contains’ provided.

--server-cloud-name-not-equals <server_cloud_name_not_equals>

Only show Connection Bundle resources where field ‘Server Cloud Name’ ‘not-equals’ provided.

--server-cloud-name-equals <server_cloud_name_equals>

Only show Connection Bundle resources where field ‘Server Cloud Name’ ‘equals’ provided.

--server-cluster-uid-ends-with <server_cluster_uid_ends_with>

Only show Connection Bundle resources where field ‘Server Cluster UID’ ‘ends-with’ provided.

--server-cluster-uid-starts-with <server_cluster_uid_starts_with>

Only show Connection Bundle resources where field ‘Server Cluster UID’ ‘starts-with’ provided.

--server-cluster-uid-not-contains <server_cluster_uid_not_contains>

Only show Connection Bundle resources where field ‘Server Cluster UID’ ‘not-contains’ provided.

--server-cluster-uid-contains <server_cluster_uid_contains>

Only show Connection Bundle resources where field ‘Server Cluster UID’ ‘contains’ provided.

--server-cluster-uid-not-equals <server_cluster_uid_not_equals>

Only show Connection Bundle resources where field ‘Server Cluster UID’ ‘not-equals’ provided.

--server-cluster-uid-equals <server_cluster_uid_equals>

Only show Connection Bundle resources where field ‘Server Cluster UID’ ‘equals’ provided.

--server-container-uid-ends-with <server_container_uid_ends_with>

Only show Connection Bundle resources where field ‘Server Container UID’ ‘ends-with’ provided.

--server-container-uid-starts-with <server_container_uid_starts_with>

Only show Connection Bundle resources where field ‘Server Container UID’ ‘starts-with’ provided.

--server-container-uid-not-contains <server_container_uid_not_contains>

Only show Connection Bundle resources where field ‘Server Container UID’ ‘not-contains’ provided.

--server-container-uid-contains <server_container_uid_contains>

Only show Connection Bundle resources where field ‘Server Container UID’ ‘contains’ provided.

--server-container-uid-not-equals <server_container_uid_not_equals>

Only show Connection Bundle resources where field ‘Server Container UID’ ‘not-equals’ provided.

--server-container-uid-equals <server_container_uid_equals>

Only show Connection Bundle resources where field ‘Server Container UID’ ‘equals’ provided.

--server-dns-name-ends-with <server_dns_name_ends_with>

Only show Connection Bundle resources where field ‘Server DNS Name’ ‘ends-with’ provided.

--server-dns-name-starts-with <server_dns_name_starts_with>

Only show Connection Bundle resources where field ‘Server DNS Name’ ‘starts-with’ provided.

--server-dns-name-not-contains <server_dns_name_not_contains>

Only show Connection Bundle resources where field ‘Server DNS Name’ ‘not-contains’ provided.

--server-dns-name-contains <server_dns_name_contains>

Only show Connection Bundle resources where field ‘Server DNS Name’ ‘contains’ provided.

--server-dns-name-not-equals <server_dns_name_not_equals>

Only show Connection Bundle resources where field ‘Server DNS Name’ ‘not-equals’ provided.

--server-dns-name-equals <server_dns_name_equals>

Only show Connection Bundle resources where field ‘Server DNS Name’ ‘equals’ provided.

--server-endpoint-uid-ends-with <server_endpoint_uid_ends_with>

Only show Connection Bundle resources where field ‘Server Endpoint UID’ ‘ends-with’ provided.

--server-endpoint-uid-starts-with <server_endpoint_uid_starts_with>

Only show Connection Bundle resources where field ‘Server Endpoint UID’ ‘starts-with’ provided.

--server-endpoint-uid-not-contains <server_endpoint_uid_not_contains>

Only show Connection Bundle resources where field ‘Server Endpoint UID’ ‘not-contains’ provided.

--server-endpoint-uid-contains <server_endpoint_uid_contains>

Only show Connection Bundle resources where field ‘Server Endpoint UID’ ‘contains’ provided.

--server-endpoint-uid-not-equals <server_endpoint_uid_not_equals>

Only show Connection Bundle resources where field ‘Server Endpoint UID’ ‘not-equals’ provided.

--server-endpoint-uid-equals <server_endpoint_uid_equals>

Only show Connection Bundle resources where field ‘Server Endpoint UID’ ‘equals’ provided.

--server-ip-not-in-subnet <server_ip_not_in_subnet>

Only show Connection Bundle resources where field ‘Server IP’ ‘not-in-subnet’ provided.

--server-ip-in-subnet <server_ip_in_subnet>

Only show Connection Bundle resources where field ‘Server IP’ ‘in-subnet’ provided.

--server-ip-not-equals <server_ip_not_equals>

Only show Connection Bundle resources where field ‘Server IP’ ‘not-equals’ provided.

--server-ip-equals <server_ip_equals>

Only show Connection Bundle resources where field ‘Server IP’ ‘equals’ provided.

--server-muid-ends-with <server_muid_ends_with>

Only show Connection Bundle resources where field ‘Server Machine UID’ ‘ends-with’ provided.

--server-muid-starts-with <server_muid_starts_with>

Only show Connection Bundle resources where field ‘Server Machine UID’ ‘starts-with’ provided.

--server-muid-not-contains <server_muid_not_contains>

Only show Connection Bundle resources where field ‘Server Machine UID’ ‘not-contains’ provided.

--server-muid-contains <server_muid_contains>

Only show Connection Bundle resources where field ‘Server Machine UID’ ‘contains’ provided.

--server-muid-not-equals <server_muid_not_equals>

Only show Connection Bundle resources where field ‘Server Machine UID’ ‘not-equals’ provided.

--server-muid-equals <server_muid_equals>

Only show Connection Bundle resources where field ‘Server Machine UID’ ‘equals’ provided.

--server-pod-uid-ends-with <server_pod_uid_ends_with>

Only show Connection Bundle resources where field ‘Server Pod UID’ ‘ends-with’ provided.

--server-pod-uid-starts-with <server_pod_uid_starts_with>

Only show Connection Bundle resources where field ‘Server Pod UID’ ‘starts-with’ provided.

--server-pod-uid-not-contains <server_pod_uid_not_contains>

Only show Connection Bundle resources where field ‘Server Pod UID’ ‘not-contains’ provided.

--server-pod-uid-contains <server_pod_uid_contains>

Only show Connection Bundle resources where field ‘Server Pod UID’ ‘contains’ provided.

--server-pod-uid-not-equals <server_pod_uid_not_equals>

Only show Connection Bundle resources where field ‘Server Pod UID’ ‘not-equals’ provided.

--server-pod-uid-equals <server_pod_uid_equals>

Only show Connection Bundle resources where field ‘Server Pod UID’ ‘equals’ provided.

--server-port-lt <server_port_lt>

Only show Connection Bundle resources where field ‘Server Port’ ‘lt’ provided.

--server-port-gte <server_port_gte>

Only show Connection Bundle resources where field ‘Server Port’ ‘gte’ provided.

--server-port-gt <server_port_gt>

Only show Connection Bundle resources where field ‘Server Port’ ‘gt’ provided.

--server-port-not-equals <server_port_not_equals>

Only show Connection Bundle resources where field ‘Server Port’ ‘not-equals’ provided.

--server-port-equals <server_port_equals>

Only show Connection Bundle resources where field ‘Server Port’ ‘equals’ provided.

--server-proc-name-ends-with <server_proc_name_ends_with>

Only show Connection Bundle resources where field ‘Server Process Name’ ‘ends-with’ provided.

--server-proc-name-starts-with <server_proc_name_starts_with>

Only show Connection Bundle resources where field ‘Server Process Name’ ‘starts-with’ provided.

--server-proc-name-not-contains <server_proc_name_not_contains>

Only show Connection Bundle resources where field ‘Server Process Name’ ‘not-contains’ provided.

--server-proc-name-contains <server_proc_name_contains>

Only show Connection Bundle resources where field ‘Server Process Name’ ‘contains’ provided.

--server-proc-name-not-equals <server_proc_name_not_equals>

Only show Connection Bundle resources where field ‘Server Process Name’ ‘not-equals’ provided.

--server-proc-name-equals <server_proc_name_equals>

Only show Connection Bundle resources where field ‘Server Process Name’ ‘equals’ provided.

--server-puid-ends-with <server_puid_ends_with>

Only show Connection Bundle resources where field ‘Server Process UID’ ‘ends-with’ provided.

--server-puid-starts-with <server_puid_starts_with>

Only show Connection Bundle resources where field ‘Server Process UID’ ‘starts-with’ provided.

--server-puid-not-contains <server_puid_not_contains>

Only show Connection Bundle resources where field ‘Server Process UID’ ‘not-contains’ provided.

--server-puid-contains <server_puid_contains>

Only show Connection Bundle resources where field ‘Server Process UID’ ‘contains’ provided.

--server-puid-not-equals <server_puid_not_equals>

Only show Connection Bundle resources where field ‘Server Process UID’ ‘not-equals’ provided.

--server-puid-equals <server_puid_equals>

Only show Connection Bundle resources where field ‘Server Process UID’ ‘equals’ provided.

--server-type-ends-with <server_type_ends_with>

Only show Connection Bundle resources where field ‘’ ‘ends-with’ provided.

--server-type-starts-with <server_type_starts_with>

Only show Connection Bundle resources where field ‘’ ‘starts-with’ provided.

--server-type-not-contains <server_type_not_contains>

Only show Connection Bundle resources where field ‘’ ‘not-contains’ provided.

--server-type-contains <server_type_contains>

Only show Connection Bundle resources where field ‘’ ‘contains’ provided.

--server-type-not-equals <server_type_not_equals>

Only show Connection Bundle resources where field ‘’ ‘not-equals’ provided.

--server-type-equals <server_type_equals>

Only show Connection Bundle resources where field ‘’ ‘equals’ provided.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

connections

Get connections by name or id.

spyctl get connections [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--bytes-rx-lt <bytes_rx_lt>

Only show Connection resources where field ‘Bytes Received’ ‘lt’ provided.

--bytes-rx-gte <bytes_rx_gte>

Only show Connection resources where field ‘Bytes Received’ ‘gte’ provided.

--bytes-rx-gt <bytes_rx_gt>

Only show Connection resources where field ‘Bytes Received’ ‘gt’ provided.

--bytes-rx-not-equals <bytes_rx_not_equals>

Only show Connection resources where field ‘Bytes Received’ ‘not-equals’ provided.

--bytes-rx-equals <bytes_rx_equals>

Only show Connection resources where field ‘Bytes Received’ ‘equals’ provided.

--bytes-tx-lt <bytes_tx_lt>

Only show Connection resources where field ‘Bytes Sent’ ‘lt’ provided.

--bytes-tx-gte <bytes_tx_gte>

Only show Connection resources where field ‘Bytes Sent’ ‘gte’ provided.

--bytes-tx-gt <bytes_tx_gt>

Only show Connection resources where field ‘Bytes Sent’ ‘gt’ provided.

--bytes-tx-not-equals <bytes_tx_not_equals>

Only show Connection resources where field ‘Bytes Sent’ ‘not-equals’ provided.

--bytes-tx-equals <bytes_tx_equals>

Only show Connection resources where field ‘Bytes Sent’ ‘equals’ provided.

--cgroup-ends-with <cgroup_ends_with>

Only show Connection resources where field ‘CGroup’ ‘ends-with’ provided.

--cgroup-starts-with <cgroup_starts_with>

Only show Connection resources where field ‘CGroup’ ‘starts-with’ provided.

--cgroup-not-contains <cgroup_not_contains>

Only show Connection resources where field ‘CGroup’ ‘not-contains’ provided.

--cgroup-contains <cgroup_contains>

Only show Connection resources where field ‘CGroup’ ‘contains’ provided.

--cgroup-not-equals <cgroup_not_equals>

Only show Connection resources where field ‘CGroup’ ‘not-equals’ provided.

--cgroup-equals <cgroup_equals>

Only show Connection resources where field ‘CGroup’ ‘equals’ provided.

--container-uid-ends-with <container_uid_ends_with>

Only show Connection resources where field ‘Container UID’ ‘ends-with’ provided.

--container-uid-starts-with <container_uid_starts_with>

Only show Connection resources where field ‘Container UID’ ‘starts-with’ provided.

--container-uid-not-contains <container_uid_not_contains>

Only show Connection resources where field ‘Container UID’ ‘not-contains’ provided.

--container-uid-contains <container_uid_contains>

Only show Connection resources where field ‘Container UID’ ‘contains’ provided.

--container-uid-not-equals <container_uid_not_equals>

Only show Connection resources where field ‘Container UID’ ‘not-equals’ provided.

--container-uid-equals <container_uid_equals>

Only show Connection resources where field ‘Container UID’ ‘equals’ provided.

--direction-ends-with <direction_ends_with>

Only show Connection resources where field ‘Direction’ ‘ends-with’ provided.

--direction-starts-with <direction_starts_with>

Only show Connection resources where field ‘Direction’ ‘starts-with’ provided.

--direction-not-contains <direction_not_contains>

Only show Connection resources where field ‘Direction’ ‘not-contains’ provided.

--direction-contains <direction_contains>

Only show Connection resources where field ‘Direction’ ‘contains’ provided.

--direction-not-equals <direction_not_equals>

Only show Connection resources where field ‘Direction’ ‘not-equals’ provided.

--direction-equals <direction_equals>

Only show Connection resources where field ‘Direction’ ‘equals’ provided.

--dsts-all-items-not-contains <dsts_all_items_not_contains>

Only show Connection resources where field ‘Destination’ ‘all-items-not-contains’ provided.

--dsts-all-items-not-equals <dsts_all_items_not_equals>

Only show Connection resources where field ‘Destination’ ‘all-items-not-equals’ provided.

--dsts-any-item-contains <dsts_any_item_contains>

Only show Connection resources where field ‘Destination’ ‘any-item-contains’ provided.

--dsts-any-item-equals <dsts_any_item_equals>

Only show Connection resources where field ‘Destination’ ‘any-item-equals’ provided.

--duration-lt <duration_lt>

Only show Connection resources where field ‘Duration’ ‘lt’ provided.

--duration-gte <duration_gte>

Only show Connection resources where field ‘Duration’ ‘gte’ provided.

--duration-gt <duration_gt>

Only show Connection resources where field ‘Duration’ ‘gt’ provided.

--duration-not-equals <duration_not_equals>

Only show Connection resources where field ‘Duration’ ‘not-equals’ provided.

--duration-equals <duration_equals>

Only show Connection resources where field ‘Duration’ ‘equals’ provided.

--family-ends-with <family_ends_with>

Only show Connection resources where field ‘Family’ ‘ends-with’ provided.

--family-starts-with <family_starts_with>

Only show Connection resources where field ‘Family’ ‘starts-with’ provided.

--family-not-contains <family_not_contains>

Only show Connection resources where field ‘Family’ ‘not-contains’ provided.

--family-contains <family_contains>

Only show Connection resources where field ‘Family’ ‘contains’ provided.

--family-not-equals <family_not_equals>

Only show Connection resources where field ‘Family’ ‘not-equals’ provided.

--family-equals <family_equals>

Only show Connection resources where field ‘Family’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Connection resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Connection resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Connection resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Connection resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Connection resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Connection resources where field ‘UID’ ‘equals’ provided.

--local-ip-not-in-subnet <local_ip_not_in_subnet>

Only show Connection resources where field ‘Local IP’ ‘not-in-subnet’ provided.

--local-ip-in-subnet <local_ip_in_subnet>

Only show Connection resources where field ‘Local IP’ ‘in-subnet’ provided.

--local-ip-not-equals <local_ip_not_equals>

Only show Connection resources where field ‘Local IP’ ‘not-equals’ provided.

--local-ip-equals <local_ip_equals>

Only show Connection resources where field ‘Local IP’ ‘equals’ provided.

--local-port-lt <local_port_lt>

Only show Connection resources where field ‘Local port’ ‘lt’ provided.

--local-port-gte <local_port_gte>

Only show Connection resources where field ‘Local port’ ‘gte’ provided.

--local-port-gt <local_port_gt>

Only show Connection resources where field ‘Local port’ ‘gt’ provided.

--local-port-not-equals <local_port_not_equals>

Only show Connection resources where field ‘Local port’ ‘not-equals’ provided.

--local-port-equals <local_port_equals>

Only show Connection resources where field ‘Local port’ ‘equals’ provided.

--muid-ends-with <muid_ends_with>

Only show Connection resources where field ‘Machine UID’ ‘ends-with’ provided.

--muid-starts-with <muid_starts_with>

Only show Connection resources where field ‘Machine UID’ ‘starts-with’ provided.

--muid-not-contains <muid_not_contains>

Only show Connection resources where field ‘Machine UID’ ‘not-contains’ provided.

--muid-contains <muid_contains>

Only show Connection resources where field ‘Machine UID’ ‘contains’ provided.

--muid-not-equals <muid_not_equals>

Only show Connection resources where field ‘Machine UID’ ‘not-equals’ provided.

--muid-equals <muid_equals>

Only show Connection resources where field ‘Machine UID’ ‘equals’ provided.

--ops-flag-count-lt <ops_flag_count_lt>

Only show Connection resources where field ‘Ops Flag Count’ ‘lt’ provided.

--ops-flag-count-gte <ops_flag_count_gte>

Only show Connection resources where field ‘Ops Flag Count’ ‘gte’ provided.

--ops-flag-count-gt <ops_flag_count_gt>

Only show Connection resources where field ‘Ops Flag Count’ ‘gt’ provided.

--ops-flag-count-not-equals <ops_flag_count_not_equals>

Only show Connection resources where field ‘Ops Flag Count’ ‘not-equals’ provided.

--ops-flag-count-equals <ops_flag_count_equals>

Only show Connection resources where field ‘Ops Flag Count’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Connection resources where field ‘Original schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Connection resources where field ‘Original schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Connection resources where field ‘Original schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Connection resources where field ‘Original schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Connection resources where field ‘Original schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Connection resources where field ‘Original schema’ ‘equals’ provided.

--payload-ends-with <payload_ends_with>

Only show Connection resources where field ‘Payload’ ‘ends-with’ provided.

--payload-starts-with <payload_starts_with>

Only show Connection resources where field ‘Payload’ ‘starts-with’ provided.

--payload-not-contains <payload_not_contains>

Only show Connection resources where field ‘Payload’ ‘not-contains’ provided.

--payload-contains <payload_contains>

Only show Connection resources where field ‘Payload’ ‘contains’ provided.

--payload-not-equals <payload_not_equals>

Only show Connection resources where field ‘Payload’ ‘not-equals’ provided.

--payload-equals <payload_equals>

Only show Connection resources where field ‘Payload’ ‘equals’ provided.

--peer-cuid-ends-with <peer_cuid_ends_with>

Only show Connection resources where field ‘Peer Connection UID’ ‘ends-with’ provided.

--peer-cuid-starts-with <peer_cuid_starts_with>

Only show Connection resources where field ‘Peer Connection UID’ ‘starts-with’ provided.

--peer-cuid-not-contains <peer_cuid_not_contains>

Only show Connection resources where field ‘Peer Connection UID’ ‘not-contains’ provided.

--peer-cuid-contains <peer_cuid_contains>

Only show Connection resources where field ‘Peer Connection UID’ ‘contains’ provided.

--peer-cuid-not-equals <peer_cuid_not_equals>

Only show Connection resources where field ‘Peer Connection UID’ ‘not-equals’ provided.

--peer-cuid-equals <peer_cuid_equals>

Only show Connection resources where field ‘Peer Connection UID’ ‘equals’ provided.

--peer-muid-ends-with <peer_muid_ends_with>

Only show Connection resources where field ‘Peer Machine UID’ ‘ends-with’ provided.

--peer-muid-starts-with <peer_muid_starts_with>

Only show Connection resources where field ‘Peer Machine UID’ ‘starts-with’ provided.

--peer-muid-not-contains <peer_muid_not_contains>

Only show Connection resources where field ‘Peer Machine UID’ ‘not-contains’ provided.

--peer-muid-contains <peer_muid_contains>

Only show Connection resources where field ‘Peer Machine UID’ ‘contains’ provided.

--peer-muid-not-equals <peer_muid_not_equals>

Only show Connection resources where field ‘Peer Machine UID’ ‘not-equals’ provided.

--peer-muid-equals <peer_muid_equals>

Only show Connection resources where field ‘Peer Machine UID’ ‘equals’ provided.

--peer-puid-ends-with <peer_puid_ends_with>

Only show Connection resources where field ‘Peer Process UID’ ‘ends-with’ provided.

--peer-puid-starts-with <peer_puid_starts_with>

Only show Connection resources where field ‘Peer Process UID’ ‘starts-with’ provided.

--peer-puid-not-contains <peer_puid_not_contains>

Only show Connection resources where field ‘Peer Process UID’ ‘not-contains’ provided.

--peer-puid-contains <peer_puid_contains>

Only show Connection resources where field ‘Peer Process UID’ ‘contains’ provided.

--peer-puid-not-equals <peer_puid_not_equals>

Only show Connection resources where field ‘Peer Process UID’ ‘not-equals’ provided.

--peer-puid-equals <peer_puid_equals>

Only show Connection resources where field ‘Peer Process UID’ ‘equals’ provided.

--proc-name-ends-with <proc_name_ends_with>

Only show Connection resources where field ‘Process Name’ ‘ends-with’ provided.

--proc-name-starts-with <proc_name_starts_with>

Only show Connection resources where field ‘Process Name’ ‘starts-with’ provided.

--proc-name-not-contains <proc_name_not_contains>

Only show Connection resources where field ‘Process Name’ ‘not-contains’ provided.

--proc-name-contains <proc_name_contains>

Only show Connection resources where field ‘Process Name’ ‘contains’ provided.

--proc-name-not-equals <proc_name_not_equals>

Only show Connection resources where field ‘Process Name’ ‘not-equals’ provided.

--proc-name-equals <proc_name_equals>

Only show Connection resources where field ‘Process Name’ ‘equals’ provided.

--protocol-ends-with <protocol_ends_with>

Only show Connection resources where field ‘Protocol’ ‘ends-with’ provided.

--protocol-starts-with <protocol_starts_with>

Only show Connection resources where field ‘Protocol’ ‘starts-with’ provided.

--protocol-not-contains <protocol_not_contains>

Only show Connection resources where field ‘Protocol’ ‘not-contains’ provided.

--protocol-contains <protocol_contains>

Only show Connection resources where field ‘Protocol’ ‘contains’ provided.

--protocol-not-equals <protocol_not_equals>

Only show Connection resources where field ‘Protocol’ ‘not-equals’ provided.

--protocol-equals <protocol_equals>

Only show Connection resources where field ‘Protocol’ ‘equals’ provided.

--puid-ends-with <puid_ends_with>

Only show Connection resources where field ‘Process UID’ ‘ends-with’ provided.

--puid-starts-with <puid_starts_with>

Only show Connection resources where field ‘Process UID’ ‘starts-with’ provided.

--puid-not-contains <puid_not_contains>

Only show Connection resources where field ‘Process UID’ ‘not-contains’ provided.

--puid-contains <puid_contains>

Only show Connection resources where field ‘Process UID’ ‘contains’ provided.

--puid-not-equals <puid_not_equals>

Only show Connection resources where field ‘Process UID’ ‘not-equals’ provided.

--puid-equals <puid_equals>

Only show Connection resources where field ‘Process UID’ ‘equals’ provided.

--puids-all-items-not-contains <puids_all_items_not_contains>

Only show Connection resources where field ‘Process UIDs’ ‘all-items-not-contains’ provided.

--puids-all-items-not-equals <puids_all_items_not_equals>

Only show Connection resources where field ‘Process UIDs’ ‘all-items-not-equals’ provided.

--puids-any-item-contains <puids_any_item_contains>

Only show Connection resources where field ‘Process UIDs’ ‘any-item-contains’ provided.

--puids-any-item-equals <puids_any_item_equals>

Only show Connection resources where field ‘Process UIDs’ ‘any-item-equals’ provided.

--red-flag-count-lt <red_flag_count_lt>

Only show Connection resources where field ‘Red Flag Count’ ‘lt’ provided.

--red-flag-count-gte <red_flag_count_gte>

Only show Connection resources where field ‘Red Flag Count’ ‘gte’ provided.

--red-flag-count-gt <red_flag_count_gt>

Only show Connection resources where field ‘Red Flag Count’ ‘gt’ provided.

--red-flag-count-not-equals <red_flag_count_not_equals>

Only show Connection resources where field ‘Red Flag Count’ ‘not-equals’ provided.

--red-flag-count-equals <red_flag_count_equals>

Only show Connection resources where field ‘Red Flag Count’ ‘equals’ provided.

--remote-hostname-ends-with <remote_hostname_ends_with>

Only show Connection resources where field ‘Remote Hostname’ ‘ends-with’ provided.

--remote-hostname-starts-with <remote_hostname_starts_with>

Only show Connection resources where field ‘Remote Hostname’ ‘starts-with’ provided.

--remote-hostname-not-contains <remote_hostname_not_contains>

Only show Connection resources where field ‘Remote Hostname’ ‘not-contains’ provided.

--remote-hostname-contains <remote_hostname_contains>

Only show Connection resources where field ‘Remote Hostname’ ‘contains’ provided.

--remote-hostname-not-equals <remote_hostname_not_equals>

Only show Connection resources where field ‘Remote Hostname’ ‘not-equals’ provided.

--remote-hostname-equals <remote_hostname_equals>

Only show Connection resources where field ‘Remote Hostname’ ‘equals’ provided.

--remote-ip-not-in-subnet <remote_ip_not_in_subnet>

Only show Connection resources where field ‘Remote IP’ ‘not-in-subnet’ provided.

--remote-ip-in-subnet <remote_ip_in_subnet>

Only show Connection resources where field ‘Remote IP’ ‘in-subnet’ provided.

--remote-ip-not-equals <remote_ip_not_equals>

Only show Connection resources where field ‘Remote IP’ ‘not-equals’ provided.

--remote-ip-equals <remote_ip_equals>

Only show Connection resources where field ‘Remote IP’ ‘equals’ provided.

--remote-port-lt <remote_port_lt>

Only show Connection resources where field ‘Remote Port’ ‘lt’ provided.

--remote-port-gte <remote_port_gte>

Only show Connection resources where field ‘Remote Port’ ‘gte’ provided.

--remote-port-gt <remote_port_gt>

Only show Connection resources where field ‘Remote Port’ ‘gt’ provided.

--remote-port-not-equals <remote_port_not_equals>

Only show Connection resources where field ‘Remote Port’ ‘not-equals’ provided.

--remote-port-equals <remote_port_equals>

Only show Connection resources where field ‘Remote Port’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Connection resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Connection resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Connection resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Connection resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Connection resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Connection resources where field ‘Schema’ ‘equals’ provided.

--srcs-all-items-not-contains <srcs_all_items_not_contains>

Only show Connection resources where field ‘Sources’ ‘all-items-not-contains’ provided.

--srcs-all-items-not-equals <srcs_all_items_not_equals>

Only show Connection resources where field ‘Sources’ ‘all-items-not-equals’ provided.

--srcs-any-item-contains <srcs_any_item_contains>

Only show Connection resources where field ‘Sources’ ‘any-item-contains’ provided.

--srcs-any-item-equals <srcs_any_item_equals>

Only show Connection resources where field ‘Sources’ ‘any-item-equals’ provided.

--status-ends-with <status_ends_with>

Only show Connection resources where field ‘Status’ ‘ends-with’ provided.

--status-starts-with <status_starts_with>

Only show Connection resources where field ‘Status’ ‘starts-with’ provided.

--status-not-contains <status_not_contains>

Only show Connection resources where field ‘Status’ ‘not-contains’ provided.

--status-contains <status_contains>

Only show Connection resources where field ‘Status’ ‘contains’ provided.

--status-not-equals <status_not_equals>

Only show Connection resources where field ‘Status’ ‘not-equals’ provided.

--status-equals <status_equals>

Only show Connection resources where field ‘Status’ ‘equals’ provided.

--traces-all-items-not-contains <traces_all_items_not_contains>

Only show Connection resources where field ‘Spydertraces’ ‘all-items-not-contains’ provided.

--traces-all-items-not-equals <traces_all_items_not_equals>

Only show Connection resources where field ‘Spydertraces’ ‘all-items-not-equals’ provided.

--traces-any-item-contains <traces_any_item_contains>

Only show Connection resources where field ‘Spydertraces’ ‘any-item-contains’ provided.

--traces-any-item-equals <traces_any_item_equals>

Only show Connection resources where field ‘Spydertraces’ ‘any-item-equals’ provided.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

containers

Get containers by name or id.

spyctl get containers [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--cluster-uid-ends-with <cluster_uid_ends_with>

Only show Container resources where field ‘Cluster UID’ ‘ends-with’ provided.

--cluster-uid-starts-with <cluster_uid_starts_with>

Only show Container resources where field ‘Cluster UID’ ‘starts-with’ provided.

--cluster-uid-not-contains <cluster_uid_not_contains>

Only show Container resources where field ‘Cluster UID’ ‘not-contains’ provided.

--cluster-uid-contains <cluster_uid_contains>

Only show Container resources where field ‘Cluster UID’ ‘contains’ provided.

--cluster-uid-not-equals <cluster_uid_not_equals>

Only show Container resources where field ‘Cluster UID’ ‘not-equals’ provided.

--cluster-uid-equals <cluster_uid_equals>

Only show Container resources where field ‘Cluster UID’ ‘equals’ provided.

--clustername-ends-with <clustername_ends_with>

Only show Container resources where field ‘Cluster Name’ ‘ends-with’ provided.

--clustername-starts-with <clustername_starts_with>

Only show Container resources where field ‘Cluster Name’ ‘starts-with’ provided.

--clustername-not-contains <clustername_not_contains>

Only show Container resources where field ‘Cluster Name’ ‘not-contains’ provided.

--clustername-contains <clustername_contains>

Only show Container resources where field ‘Cluster Name’ ‘contains’ provided.

--clustername-not-equals <clustername_not_equals>

Only show Container resources where field ‘Cluster Name’ ‘not-equals’ provided.

--clustername-equals <clustername_equals>

Only show Container resources where field ‘Cluster Name’ ‘equals’ provided.

--container-id-ends-with <container_id_ends_with>

Only show Container resources where field ‘Container ID’ ‘ends-with’ provided.

--container-id-starts-with <container_id_starts_with>

Only show Container resources where field ‘Container ID’ ‘starts-with’ provided.

--container-id-not-contains <container_id_not_contains>

Only show Container resources where field ‘Container ID’ ‘not-contains’ provided.

--container-id-contains <container_id_contains>

Only show Container resources where field ‘Container ID’ ‘contains’ provided.

--container-id-not-equals <container_id_not_equals>

Only show Container resources where field ‘Container ID’ ‘not-equals’ provided.

--container-id-equals <container_id_equals>

Only show Container resources where field ‘Container ID’ ‘equals’ provided.

--container-name-ends-with <container_name_ends_with>

Only show Container resources where field ‘Container Name’ ‘ends-with’ provided.

--container-name-starts-with <container_name_starts_with>

Only show Container resources where field ‘Container Name’ ‘starts-with’ provided.

--container-name-not-contains <container_name_not_contains>

Only show Container resources where field ‘Container Name’ ‘not-contains’ provided.

--container-name-contains <container_name_contains>

Only show Container resources where field ‘Container Name’ ‘contains’ provided.

--container-name-not-equals <container_name_not_equals>

Only show Container resources where field ‘Container Name’ ‘not-equals’ provided.

--container-name-equals <container_name_equals>

Only show Container resources where field ‘Container Name’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Container resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Container resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Container resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Container resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Container resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Container resources where field ‘UID’ ‘equals’ provided.

--image-ends-with <image_ends_with>

Only show Container resources where field ‘Image’ ‘ends-with’ provided.

--image-starts-with <image_starts_with>

Only show Container resources where field ‘Image’ ‘starts-with’ provided.

--image-not-contains <image_not_contains>

Only show Container resources where field ‘Image’ ‘not-contains’ provided.

--image-contains <image_contains>

Only show Container resources where field ‘Image’ ‘contains’ provided.

--image-not-equals <image_not_equals>

Only show Container resources where field ‘Image’ ‘not-equals’ provided.

--image-equals <image_equals>

Only show Container resources where field ‘Image’ ‘equals’ provided.

--image-id-ends-with <image_id_ends_with>

Only show Container resources where field ‘Image ID’ ‘ends-with’ provided.

--image-id-starts-with <image_id_starts_with>

Only show Container resources where field ‘Image ID’ ‘starts-with’ provided.

--image-id-not-contains <image_id_not_contains>

Only show Container resources where field ‘Image ID’ ‘not-contains’ provided.

--image-id-contains <image_id_contains>

Only show Container resources where field ‘Image ID’ ‘contains’ provided.

--image-id-not-equals <image_id_not_equals>

Only show Container resources where field ‘Image ID’ ‘not-equals’ provided.

--image-id-equals <image_id_equals>

Only show Container resources where field ‘Image ID’ ‘equals’ provided.

--muid-ends-with <muid_ends_with>

Only show Container resources where field ‘Machine UID’ ‘ends-with’ provided.

--muid-starts-with <muid_starts_with>

Only show Container resources where field ‘Machine UID’ ‘starts-with’ provided.

--muid-not-contains <muid_not_contains>

Only show Container resources where field ‘Machine UID’ ‘not-contains’ provided.

--muid-contains <muid_contains>

Only show Container resources where field ‘Machine UID’ ‘contains’ provided.

--muid-not-equals <muid_not_equals>

Only show Container resources where field ‘Machine UID’ ‘not-equals’ provided.

--muid-equals <muid_equals>

Only show Container resources where field ‘Machine UID’ ‘equals’ provided.

--node-uid-ends-with <node_uid_ends_with>

Only show Container resources where field ‘Node UID’ ‘ends-with’ provided.

--node-uid-starts-with <node_uid_starts_with>

Only show Container resources where field ‘Node UID’ ‘starts-with’ provided.

--node-uid-not-contains <node_uid_not_contains>

Only show Container resources where field ‘Node UID’ ‘not-contains’ provided.

--node-uid-contains <node_uid_contains>

Only show Container resources where field ‘Node UID’ ‘contains’ provided.

--node-uid-not-equals <node_uid_not_equals>

Only show Container resources where field ‘Node UID’ ‘not-equals’ provided.

--node-uid-equals <node_uid_equals>

Only show Container resources where field ‘Node UID’ ‘equals’ provided.

--ops-flag-count-lt <ops_flag_count_lt>

Only show Container resources where field ‘Ops Flag Count’ ‘lt’ provided.

--ops-flag-count-gte <ops_flag_count_gte>

Only show Container resources where field ‘Ops Flag Count’ ‘gte’ provided.

--ops-flag-count-gt <ops_flag_count_gt>

Only show Container resources where field ‘Ops Flag Count’ ‘gt’ provided.

--ops-flag-count-not-equals <ops_flag_count_not_equals>

Only show Container resources where field ‘Ops Flag Count’ ‘not-equals’ provided.

--ops-flag-count-equals <ops_flag_count_equals>

Only show Container resources where field ‘Ops Flag Count’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Container resources where field ‘original_schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Container resources where field ‘original_schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Container resources where field ‘original_schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Container resources where field ‘original_schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Container resources where field ‘original_schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Container resources where field ‘original_schema’ ‘equals’ provided.

--pod-labels-any-value-contains <pod_labels_any_value_contains>

Only show Container resources where field ‘Pod Labels’ ‘any-value-contains’ provided.

--pod-labels-any-value-equals <pod_labels_any_value_equals>

Only show Container resources where field ‘Pod Labels’ ‘any-value-equals’ provided.

--pod-labels-any-key-contains <pod_labels_any_key_contains>

Only show Container resources where field ‘Pod Labels’ ‘any-key-contains’ provided.

--pod-labels-any-key-equals <pod_labels_any_key_equals>

Only show Container resources where field ‘Pod Labels’ ‘any-key-equals’ provided.

--pod-name-ends-with <pod_name_ends_with>

Only show Container resources where field ‘Pod Name’ ‘ends-with’ provided.

--pod-name-starts-with <pod_name_starts_with>

Only show Container resources where field ‘Pod Name’ ‘starts-with’ provided.

--pod-name-not-contains <pod_name_not_contains>

Only show Container resources where field ‘Pod Name’ ‘not-contains’ provided.

--pod-name-contains <pod_name_contains>

Only show Container resources where field ‘Pod Name’ ‘contains’ provided.

--pod-name-not-equals <pod_name_not_equals>

Only show Container resources where field ‘Pod Name’ ‘not-equals’ provided.

--pod-name-equals <pod_name_equals>

Only show Container resources where field ‘Pod Name’ ‘equals’ provided.

--pod-namespace-ends-with <pod_namespace_ends_with>

Only show Container resources where field ‘Pod Namespace’ ‘ends-with’ provided.

--pod-namespace-starts-with <pod_namespace_starts_with>

Only show Container resources where field ‘Pod Namespace’ ‘starts-with’ provided.

--pod-namespace-not-contains <pod_namespace_not_contains>

Only show Container resources where field ‘Pod Namespace’ ‘not-contains’ provided.

--pod-namespace-contains <pod_namespace_contains>

Only show Container resources where field ‘Pod Namespace’ ‘contains’ provided.

--pod-namespace-not-equals <pod_namespace_not_equals>

Only show Container resources where field ‘Pod Namespace’ ‘not-equals’ provided.

--pod-namespace-equals <pod_namespace_equals>

Only show Container resources where field ‘Pod Namespace’ ‘equals’ provided.

--pod-namespace-labels-any-value-contains <pod_namespace_labels_any_value_contains>

Only show Container resources where field ‘Pod Namespace Labels’ ‘any-value-contains’ provided.

--pod-namespace-labels-any-value-equals <pod_namespace_labels_any_value_equals>

Only show Container resources where field ‘Pod Namespace Labels’ ‘any-value-equals’ provided.

--pod-namespace-labels-any-key-contains <pod_namespace_labels_any_key_contains>

Only show Container resources where field ‘Pod Namespace Labels’ ‘any-key-contains’ provided.

--pod-namespace-labels-any-key-equals <pod_namespace_labels_any_key_equals>

Only show Container resources where field ‘Pod Namespace Labels’ ‘any-key-equals’ provided.

--pod-uid-ends-with <pod_uid_ends_with>

Only show Container resources where field ‘Pod UID’ ‘ends-with’ provided.

--pod-uid-starts-with <pod_uid_starts_with>

Only show Container resources where field ‘Pod UID’ ‘starts-with’ provided.

--pod-uid-not-contains <pod_uid_not_contains>

Only show Container resources where field ‘Pod UID’ ‘not-contains’ provided.

--pod-uid-contains <pod_uid_contains>

Only show Container resources where field ‘Pod UID’ ‘contains’ provided.

--pod-uid-not-equals <pod_uid_not_equals>

Only show Container resources where field ‘Pod UID’ ‘not-equals’ provided.

--pod-uid-equals <pod_uid_equals>

Only show Container resources where field ‘Pod UID’ ‘equals’ provided.

--red-flag-count-lt <red_flag_count_lt>

Only show Container resources where field ‘Red Flag Count’ ‘lt’ provided.

--red-flag-count-gte <red_flag_count_gte>

Only show Container resources where field ‘Red Flag Count’ ‘gte’ provided.

--red-flag-count-gt <red_flag_count_gt>

Only show Container resources where field ‘Red Flag Count’ ‘gt’ provided.

--red-flag-count-not-equals <red_flag_count_not_equals>

Only show Container resources where field ‘Red Flag Count’ ‘not-equals’ provided.

--red-flag-count-equals <red_flag_count_equals>

Only show Container resources where field ‘Red Flag Count’ ‘equals’ provided.

--root-puid-ends-with <root_puid_ends_with>

Only show Container resources where field ‘Root process UID’ ‘ends-with’ provided.

--root-puid-starts-with <root_puid_starts_with>

Only show Container resources where field ‘Root process UID’ ‘starts-with’ provided.

--root-puid-not-contains <root_puid_not_contains>

Only show Container resources where field ‘Root process UID’ ‘not-contains’ provided.

--root-puid-contains <root_puid_contains>

Only show Container resources where field ‘Root process UID’ ‘contains’ provided.

--root-puid-not-equals <root_puid_not_equals>

Only show Container resources where field ‘Root process UID’ ‘not-equals’ provided.

--root-puid-equals <root_puid_equals>

Only show Container resources where field ‘Root process UID’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Container resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Container resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Container resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Container resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Container resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Container resources where field ‘Schema’ ‘equals’ provided.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

custom-flags

Get custom flags by name or id.

spyctl get custom-flags [OPTIONS] [NAME_OR_ID]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

--page <page>

Page number of resources to display.

--page-size <page_size>

Number of resources to display per page.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

--is-enabled

Only show resources that are enabled.

--is-not-enabled

Only show resources that are not enabled.

--reversed

Reverse the order of the results.

--tags-contain <tags_contain>

Only show resources that contain these tags.

--action-taken-equals <action_taken_equals>

Only show historical ‘audit’ resources generated by a specific user action, such as ‘insert’ or ‘delete’

Options:

insert | delete | update | enable | disable

--latest-version

Pulling from the historical ‘audit’ tables, only retrieve the latest version of the resources by uid.

--raw-data

--content-contains <content_contains>

Filter by custom flag content containing the specified string.

--impact-contains <impact_contains>

Filter by custom flag impact containing the specified string.

--query-contains <query_contains>

Filter by custom flag query containing the specified string.

--query-equals <query_equals>

Filter by custom flag query matching the specified string.

--schema-equals <schema_equals>

Filter by custom flag schema matching the specified string.

--query-uid-equals <query_uid_equals>

Filter for custom flags with a saved query UID matching the specified string.

--severity-equals <severity_equals>

Filter by custom flag severity matching the specified string.

--from-history

Include historical archive data in the output.

--flag-type-equals <flag_type_equals>

Filter by custom flag type matching the specified string.

Options:

redflag | opsflag

--sort-by <sort_by>

Sort by the specified field.

Options:

name | description | create_time | query | schema | severity | impact | last_updated | is_enabled

--version <version>

Filter by the specified version of the custom flag.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

daemonsets

Get daemonsets by name or id.

spyctl get daemonsets [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--cluster-name-ends-with <cluster_name_ends_with>

Only show Daemonset resources where field ‘Cluster Name’ ‘ends-with’ provided.

--cluster-name-starts-with <cluster_name_starts_with>

Only show Daemonset resources where field ‘Cluster Name’ ‘starts-with’ provided.

--cluster-name-not-contains <cluster_name_not_contains>

Only show Daemonset resources where field ‘Cluster Name’ ‘not-contains’ provided.

--cluster-name-contains <cluster_name_contains>

Only show Daemonset resources where field ‘Cluster Name’ ‘contains’ provided.

--cluster-name-not-equals <cluster_name_not_equals>

Only show Daemonset resources where field ‘Cluster Name’ ‘not-equals’ provided.

--cluster-name-equals <cluster_name_equals>

Only show Daemonset resources where field ‘Cluster Name’ ‘equals’ provided.

--cluster-uid-ends-with <cluster_uid_ends_with>

Only show Daemonset resources where field ‘Cluster UID’ ‘ends-with’ provided.

--cluster-uid-starts-with <cluster_uid_starts_with>

Only show Daemonset resources where field ‘Cluster UID’ ‘starts-with’ provided.

--cluster-uid-not-contains <cluster_uid_not_contains>

Only show Daemonset resources where field ‘Cluster UID’ ‘not-contains’ provided.

--cluster-uid-contains <cluster_uid_contains>

Only show Daemonset resources where field ‘Cluster UID’ ‘contains’ provided.

--cluster-uid-not-equals <cluster_uid_not_equals>

Only show Daemonset resources where field ‘Cluster UID’ ‘not-equals’ provided.

--cluster-uid-equals <cluster_uid_equals>

Only show Daemonset resources where field ‘Cluster UID’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Daemonset resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Daemonset resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Daemonset resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Daemonset resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Daemonset resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Daemonset resources where field ‘UID’ ‘equals’ provided.

--kind-ends-with <kind_ends_with>

Only show Daemonset resources where field ‘Kind’ ‘ends-with’ provided.

--kind-starts-with <kind_starts_with>

Only show Daemonset resources where field ‘Kind’ ‘starts-with’ provided.

--kind-not-contains <kind_not_contains>

Only show Daemonset resources where field ‘Kind’ ‘not-contains’ provided.

--kind-contains <kind_contains>

Only show Daemonset resources where field ‘Kind’ ‘contains’ provided.

--kind-not-equals <kind_not_equals>

Only show Daemonset resources where field ‘Kind’ ‘not-equals’ provided.

--kind-equals <kind_equals>

Only show Daemonset resources where field ‘Kind’ ‘equals’ provided.

--metadata_labels-any-value-contains <metadata_labels_any_value_contains>

Only show Daemonset resources where field ‘Labels’ ‘any-value-contains’ provided.

--metadata_labels-any-value-equals <metadata_labels_any_value_equals>

Only show Daemonset resources where field ‘Labels’ ‘any-value-equals’ provided.

--metadata_labels-any-key-contains <metadata_labels_any_key_contains>

Only show Daemonset resources where field ‘Labels’ ‘any-key-contains’ provided.

--metadata_labels-any-key-equals <metadata_labels_any_key_equals>

Only show Daemonset resources where field ‘Labels’ ‘any-key-equals’ provided.

--metadata_name-ends-with <metadata_name_ends_with>

Only show Daemonset resources where field ‘Name’ ‘ends-with’ provided.

--metadata_name-starts-with <metadata_name_starts_with>

Only show Daemonset resources where field ‘Name’ ‘starts-with’ provided.

--metadata_name-not-contains <metadata_name_not_contains>

Only show Daemonset resources where field ‘Name’ ‘not-contains’ provided.

--metadata_name-contains <metadata_name_contains>

Only show Daemonset resources where field ‘Name’ ‘contains’ provided.

--metadata_name-not-equals <metadata_name_not_equals>

Only show Daemonset resources where field ‘Name’ ‘not-equals’ provided.

--metadata_name-equals <metadata_name_equals>

Only show Daemonset resources where field ‘Name’ ‘equals’ provided.

--metadata_namespace-ends-with <metadata_namespace_ends_with>

Only show Daemonset resources where field ‘Namespace’ ‘ends-with’ provided.

--metadata_namespace-starts-with <metadata_namespace_starts_with>

Only show Daemonset resources where field ‘Namespace’ ‘starts-with’ provided.

--metadata_namespace-not-contains <metadata_namespace_not_contains>

Only show Daemonset resources where field ‘Namespace’ ‘not-contains’ provided.

--metadata_namespace-contains <metadata_namespace_contains>

Only show Daemonset resources where field ‘Namespace’ ‘contains’ provided.

--metadata_namespace-not-equals <metadata_namespace_not_equals>

Only show Daemonset resources where field ‘Namespace’ ‘not-equals’ provided.

--metadata_namespace-equals <metadata_namespace_equals>

Only show Daemonset resources where field ‘Namespace’ ‘equals’ provided.

--metadata_uid-ends-with <metadata_uid_ends_with>

Only show Daemonset resources where field ‘Kubernetes UID’ ‘ends-with’ provided.

--metadata_uid-starts-with <metadata_uid_starts_with>

Only show Daemonset resources where field ‘Kubernetes UID’ ‘starts-with’ provided.

--metadata_uid-not-contains <metadata_uid_not_contains>

Only show Daemonset resources where field ‘Kubernetes UID’ ‘not-contains’ provided.

--metadata_uid-contains <metadata_uid_contains>

Only show Daemonset resources where field ‘Kubernetes UID’ ‘contains’ provided.

--metadata_uid-not-equals <metadata_uid_not_equals>

Only show Daemonset resources where field ‘Kubernetes UID’ ‘not-equals’ provided.

--metadata_uid-equals <metadata_uid_equals>

Only show Daemonset resources where field ‘Kubernetes UID’ ‘equals’ provided.

--ops-flag-count-lt <ops_flag_count_lt>

Only show Daemonset resources where field ‘Ops Flag Count’ ‘lt’ provided.

--ops-flag-count-gte <ops_flag_count_gte>

Only show Daemonset resources where field ‘Ops Flag Count’ ‘gte’ provided.

--ops-flag-count-gt <ops_flag_count_gt>

Only show Daemonset resources where field ‘Ops Flag Count’ ‘gt’ provided.

--ops-flag-count-not-equals <ops_flag_count_not_equals>

Only show Daemonset resources where field ‘Ops Flag Count’ ‘not-equals’ provided.

--ops-flag-count-equals <ops_flag_count_equals>

Only show Daemonset resources where field ‘Ops Flag Count’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Daemonset resources where field ‘original_schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Daemonset resources where field ‘original_schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Daemonset resources where field ‘original_schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Daemonset resources where field ‘original_schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Daemonset resources where field ‘original_schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Daemonset resources where field ‘original_schema’ ‘equals’ provided.

--red-flag-count-lt <red_flag_count_lt>

Only show Daemonset resources where field ‘Red Flag Count’ ‘lt’ provided.

--red-flag-count-gte <red_flag_count_gte>

Only show Daemonset resources where field ‘Red Flag Count’ ‘gte’ provided.

--red-flag-count-gt <red_flag_count_gt>

Only show Daemonset resources where field ‘Red Flag Count’ ‘gt’ provided.

--red-flag-count-not-equals <red_flag_count_not_equals>

Only show Daemonset resources where field ‘Red Flag Count’ ‘not-equals’ provided.

--red-flag-count-equals <red_flag_count_equals>

Only show Daemonset resources where field ‘Red Flag Count’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Daemonset resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Daemonset resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Daemonset resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Daemonset resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Daemonset resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Daemonset resources where field ‘Schema’ ‘equals’ provided.

--status-ends-with <status_ends_with>

Only show Daemonset resources where field ‘Status’ ‘ends-with’ provided.

--status-starts-with <status_starts_with>

Only show Daemonset resources where field ‘Status’ ‘starts-with’ provided.

--status-not-contains <status_not_contains>

Only show Daemonset resources where field ‘Status’ ‘not-contains’ provided.

--status-contains <status_contains>

Only show Daemonset resources where field ‘Status’ ‘contains’ provided.

--status-not-equals <status_not_equals>

Only show Daemonset resources where field ‘Status’ ‘not-equals’ provided.

--status-equals <status_equals>

Only show Daemonset resources where field ‘Status’ ‘equals’ provided.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

deployments

Get deployments by name or id.

spyctl get deployments [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--cluster-name-ends-with <cluster_name_ends_with>

Only show Deployment resources where field ‘Cluster Name’ ‘ends-with’ provided.

--cluster-name-starts-with <cluster_name_starts_with>

Only show Deployment resources where field ‘Cluster Name’ ‘starts-with’ provided.

--cluster-name-not-contains <cluster_name_not_contains>

Only show Deployment resources where field ‘Cluster Name’ ‘not-contains’ provided.

--cluster-name-contains <cluster_name_contains>

Only show Deployment resources where field ‘Cluster Name’ ‘contains’ provided.

--cluster-name-not-equals <cluster_name_not_equals>

Only show Deployment resources where field ‘Cluster Name’ ‘not-equals’ provided.

--cluster-name-equals <cluster_name_equals>

Only show Deployment resources where field ‘Cluster Name’ ‘equals’ provided.

--cluster-uid-ends-with <cluster_uid_ends_with>

Only show Deployment resources where field ‘Cluster UID’ ‘ends-with’ provided.

--cluster-uid-starts-with <cluster_uid_starts_with>

Only show Deployment resources where field ‘Cluster UID’ ‘starts-with’ provided.

--cluster-uid-not-contains <cluster_uid_not_contains>

Only show Deployment resources where field ‘Cluster UID’ ‘not-contains’ provided.

--cluster-uid-contains <cluster_uid_contains>

Only show Deployment resources where field ‘Cluster UID’ ‘contains’ provided.

--cluster-uid-not-equals <cluster_uid_not_equals>

Only show Deployment resources where field ‘Cluster UID’ ‘not-equals’ provided.

--cluster-uid-equals <cluster_uid_equals>

Only show Deployment resources where field ‘Cluster UID’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Deployment resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Deployment resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Deployment resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Deployment resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Deployment resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Deployment resources where field ‘UID’ ‘equals’ provided.

--kind-ends-with <kind_ends_with>

Only show Deployment resources where field ‘Kind’ ‘ends-with’ provided.

--kind-starts-with <kind_starts_with>

Only show Deployment resources where field ‘Kind’ ‘starts-with’ provided.

--kind-not-contains <kind_not_contains>

Only show Deployment resources where field ‘Kind’ ‘not-contains’ provided.

--kind-contains <kind_contains>

Only show Deployment resources where field ‘Kind’ ‘contains’ provided.

--kind-not-equals <kind_not_equals>

Only show Deployment resources where field ‘Kind’ ‘not-equals’ provided.

--kind-equals <kind_equals>

Only show Deployment resources where field ‘Kind’ ‘equals’ provided.

--metadata_labels-any-value-contains <metadata_labels_any_value_contains>

Only show Deployment resources where field ‘Labels’ ‘any-value-contains’ provided.

--metadata_labels-any-value-equals <metadata_labels_any_value_equals>

Only show Deployment resources where field ‘Labels’ ‘any-value-equals’ provided.

--metadata_labels-any-key-contains <metadata_labels_any_key_contains>

Only show Deployment resources where field ‘Labels’ ‘any-key-contains’ provided.

--metadata_labels-any-key-equals <metadata_labels_any_key_equals>

Only show Deployment resources where field ‘Labels’ ‘any-key-equals’ provided.

--metadata_name-ends-with <metadata_name_ends_with>

Only show Deployment resources where field ‘Name’ ‘ends-with’ provided.

--metadata_name-starts-with <metadata_name_starts_with>

Only show Deployment resources where field ‘Name’ ‘starts-with’ provided.

--metadata_name-not-contains <metadata_name_not_contains>

Only show Deployment resources where field ‘Name’ ‘not-contains’ provided.

--metadata_name-contains <metadata_name_contains>

Only show Deployment resources where field ‘Name’ ‘contains’ provided.

--metadata_name-not-equals <metadata_name_not_equals>

Only show Deployment resources where field ‘Name’ ‘not-equals’ provided.

--metadata_name-equals <metadata_name_equals>

Only show Deployment resources where field ‘Name’ ‘equals’ provided.

--metadata_namespace-ends-with <metadata_namespace_ends_with>

Only show Deployment resources where field ‘Namespace’ ‘ends-with’ provided.

--metadata_namespace-starts-with <metadata_namespace_starts_with>

Only show Deployment resources where field ‘Namespace’ ‘starts-with’ provided.

--metadata_namespace-not-contains <metadata_namespace_not_contains>

Only show Deployment resources where field ‘Namespace’ ‘not-contains’ provided.

--metadata_namespace-contains <metadata_namespace_contains>

Only show Deployment resources where field ‘Namespace’ ‘contains’ provided.

--metadata_namespace-not-equals <metadata_namespace_not_equals>

Only show Deployment resources where field ‘Namespace’ ‘not-equals’ provided.

--metadata_namespace-equals <metadata_namespace_equals>

Only show Deployment resources where field ‘Namespace’ ‘equals’ provided.

--metadata_uid-ends-with <metadata_uid_ends_with>

Only show Deployment resources where field ‘Kubernetes UID’ ‘ends-with’ provided.

--metadata_uid-starts-with <metadata_uid_starts_with>

Only show Deployment resources where field ‘Kubernetes UID’ ‘starts-with’ provided.

--metadata_uid-not-contains <metadata_uid_not_contains>

Only show Deployment resources where field ‘Kubernetes UID’ ‘not-contains’ provided.

--metadata_uid-contains <metadata_uid_contains>

Only show Deployment resources where field ‘Kubernetes UID’ ‘contains’ provided.

--metadata_uid-not-equals <metadata_uid_not_equals>

Only show Deployment resources where field ‘Kubernetes UID’ ‘not-equals’ provided.

--metadata_uid-equals <metadata_uid_equals>

Only show Deployment resources where field ‘Kubernetes UID’ ‘equals’ provided.

--ops-flag-count-lt <ops_flag_count_lt>

Only show Deployment resources where field ‘Ops Flag Count’ ‘lt’ provided.

--ops-flag-count-gte <ops_flag_count_gte>

Only show Deployment resources where field ‘Ops Flag Count’ ‘gte’ provided.

--ops-flag-count-gt <ops_flag_count_gt>

Only show Deployment resources where field ‘Ops Flag Count’ ‘gt’ provided.

--ops-flag-count-not-equals <ops_flag_count_not_equals>

Only show Deployment resources where field ‘Ops Flag Count’ ‘not-equals’ provided.

--ops-flag-count-equals <ops_flag_count_equals>

Only show Deployment resources where field ‘Ops Flag Count’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Deployment resources where field ‘original_schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Deployment resources where field ‘original_schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Deployment resources where field ‘original_schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Deployment resources where field ‘original_schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Deployment resources where field ‘original_schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Deployment resources where field ‘original_schema’ ‘equals’ provided.

--red-flag-count-lt <red_flag_count_lt>

Only show Deployment resources where field ‘Red Flag Count’ ‘lt’ provided.

--red-flag-count-gte <red_flag_count_gte>

Only show Deployment resources where field ‘Red Flag Count’ ‘gte’ provided.

--red-flag-count-gt <red_flag_count_gt>

Only show Deployment resources where field ‘Red Flag Count’ ‘gt’ provided.

--red-flag-count-not-equals <red_flag_count_not_equals>

Only show Deployment resources where field ‘Red Flag Count’ ‘not-equals’ provided.

--red-flag-count-equals <red_flag_count_equals>

Only show Deployment resources where field ‘Red Flag Count’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Deployment resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Deployment resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Deployment resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Deployment resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Deployment resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Deployment resources where field ‘Schema’ ‘equals’ provided.

--spec_replicas-lt <spec_replicas_lt>

Only show Deployment resources where field ‘Replicas’ ‘lt’ provided.

--spec_replicas-gte <spec_replicas_gte>

Only show Deployment resources where field ‘Replicas’ ‘gte’ provided.

--spec_replicas-gt <spec_replicas_gt>

Only show Deployment resources where field ‘Replicas’ ‘gt’ provided.

--spec_replicas-not-equals <spec_replicas_not_equals>

Only show Deployment resources where field ‘Replicas’ ‘not-equals’ provided.

--spec_replicas-equals <spec_replicas_equals>

Only show Deployment resources where field ‘Replicas’ ‘equals’ provided.

--status-ends-with <status_ends_with>

Only show Deployment resources where field ‘Status’ ‘ends-with’ provided.

--status-starts-with <status_starts_with>

Only show Deployment resources where field ‘Status’ ‘starts-with’ provided.

--status-not-contains <status_not_contains>

Only show Deployment resources where field ‘Status’ ‘not-contains’ provided.

--status-contains <status_contains>

Only show Deployment resources where field ‘Status’ ‘contains’ provided.

--status-not-equals <status_not_equals>

Only show Deployment resources where field ‘Status’ ‘not-equals’ provided.

--status-equals <status_equals>

Only show Deployment resources where field ‘Status’ ‘equals’ provided.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

deviations

Get deviations by name or id.

spyctl get deviations [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--checksum-ends-with <checksum_ends_with>

Only show Deviation resources where field ‘Checksum’ ‘ends-with’ provided.

--checksum-starts-with <checksum_starts_with>

Only show Deviation resources where field ‘Checksum’ ‘starts-with’ provided.

--checksum-not-contains <checksum_not_contains>

Only show Deviation resources where field ‘Checksum’ ‘not-contains’ provided.

--checksum-contains <checksum_contains>

Only show Deviation resources where field ‘Checksum’ ‘contains’ provided.

--checksum-not-equals <checksum_not_equals>

Only show Deviation resources where field ‘Checksum’ ‘not-equals’ provided.

--checksum-equals <checksum_equals>

Only show Deviation resources where field ‘Checksum’ ‘equals’ provided.

--cluster-name-ends-with <cluster_name_ends_with>

Only show Deviation resources where field ‘Cluster Name’ ‘ends-with’ provided.

--cluster-name-starts-with <cluster_name_starts_with>

Only show Deviation resources where field ‘Cluster Name’ ‘starts-with’ provided.

--cluster-name-not-contains <cluster_name_not_contains>

Only show Deviation resources where field ‘Cluster Name’ ‘not-contains’ provided.

--cluster-name-contains <cluster_name_contains>

Only show Deviation resources where field ‘Cluster Name’ ‘contains’ provided.

--cluster-name-not-equals <cluster_name_not_equals>

Only show Deviation resources where field ‘Cluster Name’ ‘not-equals’ provided.

--cluster-name-equals <cluster_name_equals>

Only show Deviation resources where field ‘Cluster Name’ ‘equals’ provided.

--cluster-uid-ends-with <cluster_uid_ends_with>

Only show Deviation resources where field ‘Cluster UID’ ‘ends-with’ provided.

--cluster-uid-starts-with <cluster_uid_starts_with>

Only show Deviation resources where field ‘Cluster UID’ ‘starts-with’ provided.

--cluster-uid-not-contains <cluster_uid_not_contains>

Only show Deviation resources where field ‘Cluster UID’ ‘not-contains’ provided.

--cluster-uid-contains <cluster_uid_contains>

Only show Deviation resources where field ‘Cluster UID’ ‘contains’ provided.

--cluster-uid-not-equals <cluster_uid_not_equals>

Only show Deviation resources where field ‘Cluster UID’ ‘not-equals’ provided.

--cluster-uid-equals <cluster_uid_equals>

Only show Deviation resources where field ‘Cluster UID’ ‘equals’ provided.

--container-uid-ends-with <container_uid_ends_with>

Only show Deviation resources where field ‘Container UID’ ‘ends-with’ provided.

--container-uid-starts-with <container_uid_starts_with>

Only show Deviation resources where field ‘Container UID’ ‘starts-with’ provided.

--container-uid-not-contains <container_uid_not_contains>

Only show Deviation resources where field ‘Container UID’ ‘not-contains’ provided.

--container-uid-contains <container_uid_contains>

Only show Deviation resources where field ‘Container UID’ ‘contains’ provided.

--container-uid-not-equals <container_uid_not_equals>

Only show Deviation resources where field ‘Container UID’ ‘not-equals’ provided.

--container-uid-equals <container_uid_equals>

Only show Deviation resources where field ‘Container UID’ ‘equals’ provided.

--description-ends-with <description_ends_with>

Only show Deviation resources where field ‘Description’ ‘ends-with’ provided.

--description-starts-with <description_starts_with>

Only show Deviation resources where field ‘Description’ ‘starts-with’ provided.

--description-not-contains <description_not_contains>

Only show Deviation resources where field ‘Description’ ‘not-contains’ provided.

--description-contains <description_contains>

Only show Deviation resources where field ‘Description’ ‘contains’ provided.

--description-not-equals <description_not_equals>

Only show Deviation resources where field ‘Description’ ‘not-equals’ provided.

--description-equals <description_equals>

Only show Deviation resources where field ‘Description’ ‘equals’ provided.

--hostname-ends-with <hostname_ends_with>

Only show Deviation resources where field ‘Hostname’ ‘ends-with’ provided.

--hostname-starts-with <hostname_starts_with>

Only show Deviation resources where field ‘Hostname’ ‘starts-with’ provided.

--hostname-not-contains <hostname_not_contains>

Only show Deviation resources where field ‘Hostname’ ‘not-contains’ provided.

--hostname-contains <hostname_contains>

Only show Deviation resources where field ‘Hostname’ ‘contains’ provided.

--hostname-not-equals <hostname_not_equals>

Only show Deviation resources where field ‘Hostname’ ‘not-equals’ provided.

--hostname-equals <hostname_equals>

Only show Deviation resources where field ‘Hostname’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Deviation resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Deviation resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Deviation resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Deviation resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Deviation resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Deviation resources where field ‘UID’ ‘equals’ provided.

--namespace-ends-with <namespace_ends_with>

Only show Deviation resources where field ‘Namespace’ ‘ends-with’ provided.

--namespace-starts-with <namespace_starts_with>

Only show Deviation resources where field ‘Namespace’ ‘starts-with’ provided.

--namespace-not-contains <namespace_not_contains>

Only show Deviation resources where field ‘Namespace’ ‘not-contains’ provided.

--namespace-contains <namespace_contains>

Only show Deviation resources where field ‘Namespace’ ‘contains’ provided.

--namespace-not-equals <namespace_not_equals>

Only show Deviation resources where field ‘Namespace’ ‘not-equals’ provided.

--namespace-equals <namespace_equals>

Only show Deviation resources where field ‘Namespace’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Deviation resources where field ‘original_schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Deviation resources where field ‘original_schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Deviation resources where field ‘original_schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Deviation resources where field ‘original_schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Deviation resources where field ‘original_schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Deviation resources where field ‘original_schema’ ‘equals’ provided.

--pod-kuid-ends-with <pod_kuid_ends_with>

Only show Deviation resources where field ‘Pod UID’ ‘ends-with’ provided.

--pod-kuid-starts-with <pod_kuid_starts_with>

Only show Deviation resources where field ‘Pod UID’ ‘starts-with’ provided.

--pod-kuid-not-contains <pod_kuid_not_contains>

Only show Deviation resources where field ‘Pod UID’ ‘not-contains’ provided.

--pod-kuid-contains <pod_kuid_contains>

Only show Deviation resources where field ‘Pod UID’ ‘contains’ provided.

--pod-kuid-not-equals <pod_kuid_not_equals>

Only show Deviation resources where field ‘Pod UID’ ‘not-equals’ provided.

--pod-kuid-equals <pod_kuid_equals>

Only show Deviation resources where field ‘Pod UID’ ‘equals’ provided.

--policy-mode-ends-with <policy_mode_ends_with>

Only show Deviation resources where field ‘Policy Mode’ ‘ends-with’ provided.

--policy-mode-starts-with <policy_mode_starts_with>

Only show Deviation resources where field ‘Policy Mode’ ‘starts-with’ provided.

--policy-mode-not-contains <policy_mode_not_contains>

Only show Deviation resources where field ‘Policy Mode’ ‘not-contains’ provided.

--policy-mode-contains <policy_mode_contains>

Only show Deviation resources where field ‘Policy Mode’ ‘contains’ provided.

--policy-mode-not-equals <policy_mode_not_equals>

Only show Deviation resources where field ‘Policy Mode’ ‘not-equals’ provided.

--policy-mode-equals <policy_mode_equals>

Only show Deviation resources where field ‘Policy Mode’ ‘equals’ provided.

--policy-name-ends-with <policy_name_ends_with>

Only show Deviation resources where field ‘Policy Name’ ‘ends-with’ provided.

--policy-name-starts-with <policy_name_starts_with>

Only show Deviation resources where field ‘Policy Name’ ‘starts-with’ provided.

--policy-name-not-contains <policy_name_not_contains>

Only show Deviation resources where field ‘Policy Name’ ‘not-contains’ provided.

--policy-name-contains <policy_name_contains>

Only show Deviation resources where field ‘Policy Name’ ‘contains’ provided.

--policy-name-not-equals <policy_name_not_equals>

Only show Deviation resources where field ‘Policy Name’ ‘not-equals’ provided.

--policy-name-equals <policy_name_equals>

Only show Deviation resources where field ‘Policy Name’ ‘equals’ provided.

--policy-type-ends-with <policy_type_ends_with>

Only show Deviation resources where field ‘Policy Type’ ‘ends-with’ provided.

--policy-type-starts-with <policy_type_starts_with>

Only show Deviation resources where field ‘Policy Type’ ‘starts-with’ provided.

--policy-type-not-contains <policy_type_not_contains>

Only show Deviation resources where field ‘Policy Type’ ‘not-contains’ provided.

--policy-type-contains <policy_type_contains>

Only show Deviation resources where field ‘Policy Type’ ‘contains’ provided.

--policy-type-not-equals <policy_type_not_equals>

Only show Deviation resources where field ‘Policy Type’ ‘not-equals’ provided.

--policy-type-equals <policy_type_equals>

Only show Deviation resources where field ‘Policy Type’ ‘equals’ provided.

--policy-uid-ends-with <policy_uid_ends_with>

Only show Deviation resources where field ‘Policy UID’ ‘ends-with’ provided.

--policy-uid-starts-with <policy_uid_starts_with>

Only show Deviation resources where field ‘Policy UID’ ‘starts-with’ provided.

--policy-uid-not-contains <policy_uid_not_contains>

Only show Deviation resources where field ‘Policy UID’ ‘not-contains’ provided.

--policy-uid-contains <policy_uid_contains>

Only show Deviation resources where field ‘Policy UID’ ‘contains’ provided.

--policy-uid-not-equals <policy_uid_not_equals>

Only show Deviation resources where field ‘Policy UID’ ‘not-equals’ provided.

--policy-uid-equals <policy_uid_equals>

Only show Deviation resources where field ‘Policy UID’ ‘equals’ provided.

--ref-ends-with <ref_ends_with>

Only show Deviation resources where field ‘Reference UID’ ‘ends-with’ provided.

--ref-starts-with <ref_starts_with>

Only show Deviation resources where field ‘Reference UID’ ‘starts-with’ provided.

--ref-not-contains <ref_not_contains>

Only show Deviation resources where field ‘Reference UID’ ‘not-contains’ provided.

--ref-contains <ref_contains>

Only show Deviation resources where field ‘Reference UID’ ‘contains’ provided.

--ref-not-equals <ref_not_equals>

Only show Deviation resources where field ‘Reference UID’ ‘not-equals’ provided.

--ref-equals <ref_equals>

Only show Deviation resources where field ‘Reference UID’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Deviation resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Deviation resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Deviation resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Deviation resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Deviation resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Deviation resources where field ‘Schema’ ‘equals’ provided.

--policies <policies>

Policies to get deviations from.

--non-unique

By default json or yaml output will be unique. Set this flag to include all relevant deviations.

--raw-data

Return the raw event_audit:guardian_deviation data.

--include-irrelevant

Return deviations tied to a policy even if they are no longer relevant. The default behavior is to exclude deviations that have already been merged into the policy.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

fingerprints

Get fingerprints by name or id.

spyctl get fingerprints [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--cgroup-ends-with <cgroup_ends_with>

Only show Fingerprint resources where field ‘Cgroup’ ‘ends-with’ provided.

--cgroup-starts-with <cgroup_starts_with>

Only show Fingerprint resources where field ‘Cgroup’ ‘starts-with’ provided.

--cgroup-not-contains <cgroup_not_contains>

Only show Fingerprint resources where field ‘Cgroup’ ‘not-contains’ provided.

--cgroup-contains <cgroup_contains>

Only show Fingerprint resources where field ‘Cgroup’ ‘contains’ provided.

--cgroup-not-equals <cgroup_not_equals>

Only show Fingerprint resources where field ‘Cgroup’ ‘not-equals’ provided.

--cgroup-equals <cgroup_equals>

Only show Fingerprint resources where field ‘Cgroup’ ‘equals’ provided.

--container-id-ends-with <container_id_ends_with>

Only show Fingerprint resources where field ‘Container ID’ ‘ends-with’ provided.

--container-id-starts-with <container_id_starts_with>

Only show Fingerprint resources where field ‘Container ID’ ‘starts-with’ provided.

--container-id-not-contains <container_id_not_contains>

Only show Fingerprint resources where field ‘Container ID’ ‘not-contains’ provided.

--container-id-contains <container_id_contains>

Only show Fingerprint resources where field ‘Container ID’ ‘contains’ provided.

--container-id-not-equals <container_id_not_equals>

Only show Fingerprint resources where field ‘Container ID’ ‘not-equals’ provided.

--container-id-equals <container_id_equals>

Only show Fingerprint resources where field ‘Container ID’ ‘equals’ provided.

--container-name-ends-with <container_name_ends_with>

Only show Fingerprint resources where field ‘Container Name’ ‘ends-with’ provided.

--container-name-starts-with <container_name_starts_with>

Only show Fingerprint resources where field ‘Container Name’ ‘starts-with’ provided.

--container-name-not-contains <container_name_not_contains>

Only show Fingerprint resources where field ‘Container Name’ ‘not-contains’ provided.

--container-name-contains <container_name_contains>

Only show Fingerprint resources where field ‘Container Name’ ‘contains’ provided.

--container-name-not-equals <container_name_not_equals>

Only show Fingerprint resources where field ‘Container Name’ ‘not-equals’ provided.

--container-name-equals <container_name_equals>

Only show Fingerprint resources where field ‘Container Name’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Fingerprint resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Fingerprint resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Fingerprint resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Fingerprint resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Fingerprint resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Fingerprint resources where field ‘UID’ ‘equals’ provided.

--image-ends-with <image_ends_with>

Only show Fingerprint resources where field ‘Image’ ‘ends-with’ provided.

--image-starts-with <image_starts_with>

Only show Fingerprint resources where field ‘Image’ ‘starts-with’ provided.

--image-not-contains <image_not_contains>

Only show Fingerprint resources where field ‘Image’ ‘not-contains’ provided.

--image-contains <image_contains>

Only show Fingerprint resources where field ‘Image’ ‘contains’ provided.

--image-not-equals <image_not_equals>

Only show Fingerprint resources where field ‘Image’ ‘not-equals’ provided.

--image-equals <image_equals>

Only show Fingerprint resources where field ‘Image’ ‘equals’ provided.

--image-id-ends-with <image_id_ends_with>

Only show Fingerprint resources where field ‘Image ID’ ‘ends-with’ provided.

--image-id-starts-with <image_id_starts_with>

Only show Fingerprint resources where field ‘Image ID’ ‘starts-with’ provided.

--image-id-not-contains <image_id_not_contains>

Only show Fingerprint resources where field ‘Image ID’ ‘not-contains’ provided.

--image-id-contains <image_id_contains>

Only show Fingerprint resources where field ‘Image ID’ ‘contains’ provided.

--image-id-not-equals <image_id_not_equals>

Only show Fingerprint resources where field ‘Image ID’ ‘not-equals’ provided.

--image-id-equals <image_id_equals>

Only show Fingerprint resources where field ‘Image ID’ ‘equals’ provided.

--metadata_type-ends-with <metadata_type_ends_with>

Only show Fingerprint resources where field ‘Type’ ‘ends-with’ provided.

--metadata_type-starts-with <metadata_type_starts_with>

Only show Fingerprint resources where field ‘Type’ ‘starts-with’ provided.

--metadata_type-not-contains <metadata_type_not_contains>

Only show Fingerprint resources where field ‘Type’ ‘not-contains’ provided.

--metadata_type-contains <metadata_type_contains>

Only show Fingerprint resources where field ‘Type’ ‘contains’ provided.

--metadata_type-not-equals <metadata_type_not_equals>

Only show Fingerprint resources where field ‘Type’ ‘not-equals’ provided.

--metadata_type-equals <metadata_type_equals>

Only show Fingerprint resources where field ‘Type’ ‘equals’ provided.

--muid-ends-with <muid_ends_with>

Only show Fingerprint resources where field ‘Machine UID’ ‘ends-with’ provided.

--muid-starts-with <muid_starts_with>

Only show Fingerprint resources where field ‘Machine UID’ ‘starts-with’ provided.

--muid-not-contains <muid_not_contains>

Only show Fingerprint resources where field ‘Machine UID’ ‘not-contains’ provided.

--muid-contains <muid_contains>

Only show Fingerprint resources where field ‘Machine UID’ ‘contains’ provided.

--muid-not-equals <muid_not_equals>

Only show Fingerprint resources where field ‘Machine UID’ ‘not-equals’ provided.

--muid-equals <muid_equals>

Only show Fingerprint resources where field ‘Machine UID’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Fingerprint resources where field ‘Original schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Fingerprint resources where field ‘Original schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Fingerprint resources where field ‘Original schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Fingerprint resources where field ‘Original schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Fingerprint resources where field ‘Original schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Fingerprint resources where field ‘Original schema’ ‘equals’ provided.

--root-puid-ends-with <root_puid_ends_with>

Only show Fingerprint resources where field ‘Root Process UID’ ‘ends-with’ provided.

--root-puid-starts-with <root_puid_starts_with>

Only show Fingerprint resources where field ‘Root Process UID’ ‘starts-with’ provided.

--root-puid-not-contains <root_puid_not_contains>

Only show Fingerprint resources where field ‘Root Process UID’ ‘not-contains’ provided.

--root-puid-contains <root_puid_contains>

Only show Fingerprint resources where field ‘Root Process UID’ ‘contains’ provided.

--root-puid-not-equals <root_puid_not_equals>

Only show Fingerprint resources where field ‘Root Process UID’ ‘not-equals’ provided.

--root-puid-equals <root_puid_equals>

Only show Fingerprint resources where field ‘Root Process UID’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Fingerprint resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Fingerprint resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Fingerprint resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Fingerprint resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Fingerprint resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Fingerprint resources where field ‘Schema’ ‘equals’ provided.

--service-name-ends-with <service_name_ends_with>

Only show Fingerprint resources where field ‘Service Name’ ‘ends-with’ provided.

--service-name-starts-with <service_name_starts_with>

Only show Fingerprint resources where field ‘Service Name’ ‘starts-with’ provided.

--service-name-not-contains <service_name_not_contains>

Only show Fingerprint resources where field ‘Service Name’ ‘not-contains’ provided.

--service-name-contains <service_name_contains>

Only show Fingerprint resources where field ‘Service Name’ ‘contains’ provided.

--service-name-not-equals <service_name_not_equals>

Only show Fingerprint resources where field ‘Service Name’ ‘not-equals’ provided.

--service-name-equals <service_name_equals>

Only show Fingerprint resources where field ‘Service Name’ ‘equals’ provided.

--status-ends-with <status_ends_with>

Only show Fingerprint resources where field ‘Status’ ‘ends-with’ provided.

--status-starts-with <status_starts_with>

Only show Fingerprint resources where field ‘Status’ ‘starts-with’ provided.

--status-not-contains <status_not_contains>

Only show Fingerprint resources where field ‘Status’ ‘not-contains’ provided.

--status-contains <status_contains>

Only show Fingerprint resources where field ‘Status’ ‘contains’ provided.

--status-not-equals <status_not_equals>

Only show Fingerprint resources where field ‘Status’ ‘not-equals’ provided.

--status-equals <status_equals>

Only show Fingerprint resources where field ‘Status’ ‘equals’ provided.

-T, --type <type>

Required The type of fingerprint to return.

Options:

container | linux-service

--raw-data

When outputting to yaml or json, this outputs the raw fingerprint data, instead of the fingerprint groups

--group-by <group_by>

Group by fields in the fingerprint, comma delimited. Such as cluster_name,namespace. At a basic level fingerprints are always grouped by image + image_id. This option allows you to group by additional fields.

--sort-by <sort_by>

Group by fields in the fingerprint, comma delimited. Such as cluster_name,namespace. At a basic level fingerprints are always grouped by image + image_id. This option allows you to group by additional fields.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

linux-services

Get linux services by name or id.

spyctl get linux-services [OPTIONS] [NAME_OR_ID]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--hostname <hostname>

The hostname of the machine running the service.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

machines

Get machines by name or id.

spyctl get machines [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--boot-time-lt <boot_time_lt>

Only show Machine resources where field ‘Boot Time’ ‘lt’ provided.

--boot-time-gte <boot_time_gte>

Only show Machine resources where field ‘Boot Time’ ‘gte’ provided.

--boot-time-gt <boot_time_gt>

Only show Machine resources where field ‘Boot Time’ ‘gt’ provided.

--boot-time-not-equals <boot_time_not_equals>

Only show Machine resources where field ‘Boot Time’ ‘not-equals’ provided.

--boot-time-equals <boot_time_equals>

Only show Machine resources where field ‘Boot Time’ ‘equals’ provided.

--cloud-image-id-ends-with <cloud_image_id_ends_with>

Only show Machine resources where field ‘Cloud Image ID’ ‘ends-with’ provided.

--cloud-image-id-starts-with <cloud_image_id_starts_with>

Only show Machine resources where field ‘Cloud Image ID’ ‘starts-with’ provided.

--cloud-image-id-not-contains <cloud_image_id_not_contains>

Only show Machine resources where field ‘Cloud Image ID’ ‘not-contains’ provided.

--cloud-image-id-contains <cloud_image_id_contains>

Only show Machine resources where field ‘Cloud Image ID’ ‘contains’ provided.

--cloud-image-id-not-equals <cloud_image_id_not_equals>

Only show Machine resources where field ‘Cloud Image ID’ ‘not-equals’ provided.

--cloud-image-id-equals <cloud_image_id_equals>

Only show Machine resources where field ‘Cloud Image ID’ ‘equals’ provided.

--cloud-instance-id-ends-with <cloud_instance_id_ends_with>

Only show Machine resources where field ‘Cloud Instance ID’ ‘ends-with’ provided.

--cloud-instance-id-starts-with <cloud_instance_id_starts_with>

Only show Machine resources where field ‘Cloud Instance ID’ ‘starts-with’ provided.

--cloud-instance-id-not-contains <cloud_instance_id_not_contains>

Only show Machine resources where field ‘Cloud Instance ID’ ‘not-contains’ provided.

--cloud-instance-id-contains <cloud_instance_id_contains>

Only show Machine resources where field ‘Cloud Instance ID’ ‘contains’ provided.

--cloud-instance-id-not-equals <cloud_instance_id_not_equals>

Only show Machine resources where field ‘Cloud Instance ID’ ‘not-equals’ provided.

--cloud-instance-id-equals <cloud_instance_id_equals>

Only show Machine resources where field ‘Cloud Instance ID’ ‘equals’ provided.

--cloud-region-ends-with <cloud_region_ends_with>

Only show Machine resources where field ‘Cloud Region ID’ ‘ends-with’ provided.

--cloud-region-starts-with <cloud_region_starts_with>

Only show Machine resources where field ‘Cloud Region ID’ ‘starts-with’ provided.

--cloud-region-not-contains <cloud_region_not_contains>

Only show Machine resources where field ‘Cloud Region ID’ ‘not-contains’ provided.

--cloud-region-contains <cloud_region_contains>

Only show Machine resources where field ‘Cloud Region ID’ ‘contains’ provided.

--cloud-region-not-equals <cloud_region_not_equals>

Only show Machine resources where field ‘Cloud Region ID’ ‘not-equals’ provided.

--cloud-region-equals <cloud_region_equals>

Only show Machine resources where field ‘Cloud Region ID’ ‘equals’ provided.

--cloud-tags-any-value-contains <cloud_tags_any_value_contains>

Only show Machine resources where field ‘Cloud Tags’ ‘any-value-contains’ provided.

--cloud-tags-any-value-equals <cloud_tags_any_value_equals>

Only show Machine resources where field ‘Cloud Tags’ ‘any-value-equals’ provided.

--cloud-tags-any-key-contains <cloud_tags_any_key_contains>

Only show Machine resources where field ‘Cloud Tags’ ‘any-key-contains’ provided.

--cloud-tags-any-key-equals <cloud_tags_any_key_equals>

Only show Machine resources where field ‘Cloud Tags’ ‘any-key-equals’ provided.

--cloud-type-ends-with <cloud_type_ends_with>

Only show Machine resources where field ‘Cloud Type’ ‘ends-with’ provided.

--cloud-type-starts-with <cloud_type_starts_with>

Only show Machine resources where field ‘Cloud Type’ ‘starts-with’ provided.

--cloud-type-not-contains <cloud_type_not_contains>

Only show Machine resources where field ‘Cloud Type’ ‘not-contains’ provided.

--cloud-type-contains <cloud_type_contains>

Only show Machine resources where field ‘Cloud Type’ ‘contains’ provided.

--cloud-type-not-equals <cloud_type_not_equals>

Only show Machine resources where field ‘Cloud Type’ ‘not-equals’ provided.

--cloud-type-equals <cloud_type_equals>

Only show Machine resources where field ‘Cloud Type’ ‘equals’ provided.

--cluster-name-ends-with <cluster_name_ends_with>

Only show Machine resources where field ‘Cluster Name’ ‘ends-with’ provided.

--cluster-name-starts-with <cluster_name_starts_with>

Only show Machine resources where field ‘Cluster Name’ ‘starts-with’ provided.

--cluster-name-not-contains <cluster_name_not_contains>

Only show Machine resources where field ‘Cluster Name’ ‘not-contains’ provided.

--cluster-name-contains <cluster_name_contains>

Only show Machine resources where field ‘Cluster Name’ ‘contains’ provided.

--cluster-name-not-equals <cluster_name_not_equals>

Only show Machine resources where field ‘Cluster Name’ ‘not-equals’ provided.

--cluster-name-equals <cluster_name_equals>

Only show Machine resources where field ‘Cluster Name’ ‘equals’ provided.

--cpu-model-ends-with <cpu_model_ends_with>

Only show Machine resources where field ‘CPU Model’ ‘ends-with’ provided.

--cpu-model-starts-with <cpu_model_starts_with>

Only show Machine resources where field ‘CPU Model’ ‘starts-with’ provided.

--cpu-model-not-contains <cpu_model_not_contains>

Only show Machine resources where field ‘CPU Model’ ‘not-contains’ provided.

--cpu-model-contains <cpu_model_contains>

Only show Machine resources where field ‘CPU Model’ ‘contains’ provided.

--cpu-model-not-equals <cpu_model_not_equals>

Only show Machine resources where field ‘CPU Model’ ‘not-equals’ provided.

--cpu-model-equals <cpu_model_equals>

Only show Machine resources where field ‘CPU Model’ ‘equals’ provided.

--duration-lt <duration_lt>

Only show Machine resources where field ‘Duration’ ‘lt’ provided.

--duration-gte <duration_gte>

Only show Machine resources where field ‘Duration’ ‘gte’ provided.

--duration-gt <duration_gt>

Only show Machine resources where field ‘Duration’ ‘gt’ provided.

--duration-not-equals <duration_not_equals>

Only show Machine resources where field ‘Duration’ ‘not-equals’ provided.

--duration-equals <duration_equals>

Only show Machine resources where field ‘Duration’ ‘equals’ provided.

--ec2-uid-ends-with <ec2_uid_ends_with>

Only show Machine resources where field ‘EC2 UID’ ‘ends-with’ provided.

--ec2-uid-starts-with <ec2_uid_starts_with>

Only show Machine resources where field ‘EC2 UID’ ‘starts-with’ provided.

--ec2-uid-not-contains <ec2_uid_not_contains>

Only show Machine resources where field ‘EC2 UID’ ‘not-contains’ provided.

--ec2-uid-contains <ec2_uid_contains>

Only show Machine resources where field ‘EC2 UID’ ‘contains’ provided.

--ec2-uid-not-equals <ec2_uid_not_equals>

Only show Machine resources where field ‘EC2 UID’ ‘not-equals’ provided.

--ec2-uid-equals <ec2_uid_equals>

Only show Machine resources where field ‘EC2 UID’ ‘equals’ provided.

--hostname-ends-with <hostname_ends_with>

Only show Machine resources where field ‘Hostname’ ‘ends-with’ provided.

--hostname-starts-with <hostname_starts_with>

Only show Machine resources where field ‘Hostname’ ‘starts-with’ provided.

--hostname-not-contains <hostname_not_contains>

Only show Machine resources where field ‘Hostname’ ‘not-contains’ provided.

--hostname-contains <hostname_contains>

Only show Machine resources where field ‘Hostname’ ‘contains’ provided.

--hostname-not-equals <hostname_not_equals>

Only show Machine resources where field ‘Hostname’ ‘not-equals’ provided.

--hostname-equals <hostname_equals>

Only show Machine resources where field ‘Hostname’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Machine resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Machine resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Machine resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Machine resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Machine resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Machine resources where field ‘UID’ ‘equals’ provided.

--kernel-mods-all-items-not-contains <kernel_mods_all_items_not_contains>

Only show Machine resources where field ‘Kernel Modules’ ‘all-items-not-contains’ provided.

--kernel-mods-all-items-not-equals <kernel_mods_all_items_not_equals>

Only show Machine resources where field ‘Kernel Modules’ ‘all-items-not-equals’ provided.

--kernel-mods-any-item-contains <kernel_mods_any_item_contains>

Only show Machine resources where field ‘Kernel Modules’ ‘any-item-contains’ provided.

--kernel-mods-any-item-equals <kernel_mods_any_item_equals>

Only show Machine resources where field ‘Kernel Modules’ ‘any-item-equals’ provided.

--machine-processor-ends-with <machine_processor_ends_with>

Only show Machine resources where field ‘CPU Architecture’ ‘ends-with’ provided.

--machine-processor-starts-with <machine_processor_starts_with>

Only show Machine resources where field ‘CPU Architecture’ ‘starts-with’ provided.

--machine-processor-not-contains <machine_processor_not_contains>

Only show Machine resources where field ‘CPU Architecture’ ‘not-contains’ provided.

--machine-processor-contains <machine_processor_contains>

Only show Machine resources where field ‘CPU Architecture’ ‘contains’ provided.

--machine-processor-not-equals <machine_processor_not_equals>

Only show Machine resources where field ‘CPU Architecture’ ‘not-equals’ provided.

--machine-processor-equals <machine_processor_equals>

Only show Machine resources where field ‘CPU Architecture’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Machine resources where field ‘Original schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Machine resources where field ‘Original schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Machine resources where field ‘Original schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Machine resources where field ‘Original schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Machine resources where field ‘Original schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Machine resources where field ‘Original schema’ ‘equals’ provided.

--os-name-ends-with <os_name_ends_with>

Only show Machine resources where field ‘OS Name’ ‘ends-with’ provided.

--os-name-starts-with <os_name_starts_with>

Only show Machine resources where field ‘OS Name’ ‘starts-with’ provided.

--os-name-not-contains <os_name_not_contains>

Only show Machine resources where field ‘OS Name’ ‘not-contains’ provided.

--os-name-contains <os_name_contains>

Only show Machine resources where field ‘OS Name’ ‘contains’ provided.

--os-name-not-equals <os_name_not_equals>

Only show Machine resources where field ‘OS Name’ ‘not-equals’ provided.

--os-name-equals <os_name_equals>

Only show Machine resources where field ‘OS Name’ ‘equals’ provided.

--os-release-ends-with <os_release_ends_with>

Only show Machine resources where field ‘OS Release’ ‘ends-with’ provided.

--os-release-starts-with <os_release_starts_with>

Only show Machine resources where field ‘OS Release’ ‘starts-with’ provided.

--os-release-not-contains <os_release_not_contains>

Only show Machine resources where field ‘OS Release’ ‘not-contains’ provided.

--os-release-contains <os_release_contains>

Only show Machine resources where field ‘OS Release’ ‘contains’ provided.

--os-release-not-equals <os_release_not_equals>

Only show Machine resources where field ‘OS Release’ ‘not-equals’ provided.

--os-release-equals <os_release_equals>

Only show Machine resources where field ‘OS Release’ ‘equals’ provided.

--os-system-ends-with <os_system_ends_with>

Only show Machine resources where field ‘OS System’ ‘ends-with’ provided.

--os-system-starts-with <os_system_starts_with>

Only show Machine resources where field ‘OS System’ ‘starts-with’ provided.

--os-system-not-contains <os_system_not_contains>

Only show Machine resources where field ‘OS System’ ‘not-contains’ provided.

--os-system-contains <os_system_contains>

Only show Machine resources where field ‘OS System’ ‘contains’ provided.

--os-system-not-equals <os_system_not_equals>

Only show Machine resources where field ‘OS System’ ‘not-equals’ provided.

--os-system-equals <os_system_equals>

Only show Machine resources where field ‘OS System’ ‘equals’ provided.

--os-version-ends-with <os_version_ends_with>

Only show Machine resources where field ‘OS Version’ ‘ends-with’ provided.

--os-version-starts-with <os_version_starts_with>

Only show Machine resources where field ‘OS Version’ ‘starts-with’ provided.

--os-version-not-contains <os_version_not_contains>

Only show Machine resources where field ‘OS Version’ ‘not-contains’ provided.

--os-version-contains <os_version_contains>

Only show Machine resources where field ‘OS Version’ ‘contains’ provided.

--os-version-not-equals <os_version_not_equals>

Only show Machine resources where field ‘OS Version’ ‘not-equals’ provided.

--os-version-equals <os_version_equals>

Only show Machine resources where field ‘OS Version’ ‘equals’ provided.

--private-ip-all-items-not-contains <private_ip_all_items_not_contains>

Only show Machine resources where field ‘Private IP Address’ ‘all-items-not-contains’ provided.

--private-ip-all-items-not-equals <private_ip_all_items_not_equals>

Only show Machine resources where field ‘Private IP Address’ ‘all-items-not-equals’ provided.

--private-ip-any-item-contains <private_ip_any_item_contains>

Only show Machine resources where field ‘Private IP Address’ ‘any-item-contains’ provided.

--private-ip-any-item-equals <private_ip_any_item_equals>

Only show Machine resources where field ‘Private IP Address’ ‘any-item-equals’ provided.

--public-ip-all-items-not-contains <public_ip_all_items_not_contains>

Only show Machine resources where field ‘Public IP Address’ ‘all-items-not-contains’ provided.

--public-ip-all-items-not-equals <public_ip_all_items_not_equals>

Only show Machine resources where field ‘Public IP Address’ ‘all-items-not-equals’ provided.

--public-ip-any-item-contains <public_ip_any_item_contains>

Only show Machine resources where field ‘Public IP Address’ ‘any-item-contains’ provided.

--public-ip-any-item-equals <public_ip_any_item_equals>

Only show Machine resources where field ‘Public IP Address’ ‘any-item-equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Machine resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Machine resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Machine resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Machine resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Machine resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Machine resources where field ‘Schema’ ‘equals’ provided.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

namespaces

Get namespaces by name or id.

spyctl get namespaces [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--cluster-uid-ends-with <cluster_uid_ends_with>

Only show Kubernetes Namespace resources where field ‘Cluster UID’ ‘ends-with’ provided.

--cluster-uid-starts-with <cluster_uid_starts_with>

Only show Kubernetes Namespace resources where field ‘Cluster UID’ ‘starts-with’ provided.

--cluster-uid-not-contains <cluster_uid_not_contains>

Only show Kubernetes Namespace resources where field ‘Cluster UID’ ‘not-contains’ provided.

--cluster-uid-contains <cluster_uid_contains>

Only show Kubernetes Namespace resources where field ‘Cluster UID’ ‘contains’ provided.

--cluster-uid-not-equals <cluster_uid_not_equals>

Only show Kubernetes Namespace resources where field ‘Cluster UID’ ‘not-equals’ provided.

--cluster-uid-equals <cluster_uid_equals>

Only show Kubernetes Namespace resources where field ‘Cluster UID’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Kubernetes Namespace resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Kubernetes Namespace resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Kubernetes Namespace resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Kubernetes Namespace resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Kubernetes Namespace resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Kubernetes Namespace resources where field ‘UID’ ‘equals’ provided.

--kind-ends-with <kind_ends_with>

Only show Kubernetes Namespace resources where field ‘Kind’ ‘ends-with’ provided.

--kind-starts-with <kind_starts_with>

Only show Kubernetes Namespace resources where field ‘Kind’ ‘starts-with’ provided.

--kind-not-contains <kind_not_contains>

Only show Kubernetes Namespace resources where field ‘Kind’ ‘not-contains’ provided.

--kind-contains <kind_contains>

Only show Kubernetes Namespace resources where field ‘Kind’ ‘contains’ provided.

--kind-not-equals <kind_not_equals>

Only show Kubernetes Namespace resources where field ‘Kind’ ‘not-equals’ provided.

--kind-equals <kind_equals>

Only show Kubernetes Namespace resources where field ‘Kind’ ‘equals’ provided.

--metadata_name-ends-with <metadata_name_ends_with>

Only show Kubernetes Namespace resources where field ‘Name’ ‘ends-with’ provided.

--metadata_name-starts-with <metadata_name_starts_with>

Only show Kubernetes Namespace resources where field ‘Name’ ‘starts-with’ provided.

--metadata_name-not-contains <metadata_name_not_contains>

Only show Kubernetes Namespace resources where field ‘Name’ ‘not-contains’ provided.

--metadata_name-contains <metadata_name_contains>

Only show Kubernetes Namespace resources where field ‘Name’ ‘contains’ provided.

--metadata_name-not-equals <metadata_name_not_equals>

Only show Kubernetes Namespace resources where field ‘Name’ ‘not-equals’ provided.

--metadata_name-equals <metadata_name_equals>

Only show Kubernetes Namespace resources where field ‘Name’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Kubernetes Namespace resources where field ‘Original schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Kubernetes Namespace resources where field ‘Original schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Kubernetes Namespace resources where field ‘Original schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Kubernetes Namespace resources where field ‘Original schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Kubernetes Namespace resources where field ‘Original schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Kubernetes Namespace resources where field ‘Original schema’ ‘equals’ provided.

--status-ends-with <status_ends_with>

Only show Kubernetes Namespace resources where field ‘Status’ ‘ends-with’ provided.

--status-starts-with <status_starts_with>

Only show Kubernetes Namespace resources where field ‘Status’ ‘starts-with’ provided.

--status-not-contains <status_not_contains>

Only show Kubernetes Namespace resources where field ‘Status’ ‘not-contains’ provided.

--status-contains <status_contains>

Only show Kubernetes Namespace resources where field ‘Status’ ‘contains’ provided.

--status-not-equals <status_not_equals>

Only show Kubernetes Namespace resources where field ‘Status’ ‘not-equals’ provided.

--status-equals <status_equals>

Only show Kubernetes Namespace resources where field ‘Status’ ‘equals’ provided.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

nodes

Get nodes by name or id.

spyctl get nodes [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--cluster-name-ends-with <cluster_name_ends_with>

Only show Node resources where field ‘Cluster Name’ ‘ends-with’ provided.

--cluster-name-starts-with <cluster_name_starts_with>

Only show Node resources where field ‘Cluster Name’ ‘starts-with’ provided.

--cluster-name-not-contains <cluster_name_not_contains>

Only show Node resources where field ‘Cluster Name’ ‘not-contains’ provided.

--cluster-name-contains <cluster_name_contains>

Only show Node resources where field ‘Cluster Name’ ‘contains’ provided.

--cluster-name-not-equals <cluster_name_not_equals>

Only show Node resources where field ‘Cluster Name’ ‘not-equals’ provided.

--cluster-name-equals <cluster_name_equals>

Only show Node resources where field ‘Cluster Name’ ‘equals’ provided.

--cluster-uid-ends-with <cluster_uid_ends_with>

Only show Node resources where field ‘Cluster UID’ ‘ends-with’ provided.

--cluster-uid-starts-with <cluster_uid_starts_with>

Only show Node resources where field ‘Cluster UID’ ‘starts-with’ provided.

--cluster-uid-not-contains <cluster_uid_not_contains>

Only show Node resources where field ‘Cluster UID’ ‘not-contains’ provided.

--cluster-uid-contains <cluster_uid_contains>

Only show Node resources where field ‘Cluster UID’ ‘contains’ provided.

--cluster-uid-not-equals <cluster_uid_not_equals>

Only show Node resources where field ‘Cluster UID’ ‘not-equals’ provided.

--cluster-uid-equals <cluster_uid_equals>

Only show Node resources where field ‘Cluster UID’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Node resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Node resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Node resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Node resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Node resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Node resources where field ‘UID’ ‘equals’ provided.

--k8s-status_allocatable_cpu-ends-with <k8s_status_allocatable_cpu_ends_with>

Only show Node resources where field ‘Allocatable CPU’ ‘ends-with’ provided.

--k8s-status_allocatable_cpu-starts-with <k8s_status_allocatable_cpu_starts_with>

Only show Node resources where field ‘Allocatable CPU’ ‘starts-with’ provided.

--k8s-status_allocatable_cpu-not-contains <k8s_status_allocatable_cpu_not_contains>

Only show Node resources where field ‘Allocatable CPU’ ‘not-contains’ provided.

--k8s-status_allocatable_cpu-contains <k8s_status_allocatable_cpu_contains>

Only show Node resources where field ‘Allocatable CPU’ ‘contains’ provided.

--k8s-status_allocatable_cpu-not-equals <k8s_status_allocatable_cpu_not_equals>

Only show Node resources where field ‘Allocatable CPU’ ‘not-equals’ provided.

--k8s-status_allocatable_cpu-equals <k8s_status_allocatable_cpu_equals>

Only show Node resources where field ‘Allocatable CPU’ ‘equals’ provided.

--k8s-status_allocatable_memory-ends-with <k8s_status_allocatable_memory_ends_with>

Only show Node resources where field ‘Allocatable Memory’ ‘ends-with’ provided.

--k8s-status_allocatable_memory-starts-with <k8s_status_allocatable_memory_starts_with>

Only show Node resources where field ‘Allocatable Memory’ ‘starts-with’ provided.

--k8s-status_allocatable_memory-not-contains <k8s_status_allocatable_memory_not_contains>

Only show Node resources where field ‘Allocatable Memory’ ‘not-contains’ provided.

--k8s-status_allocatable_memory-contains <k8s_status_allocatable_memory_contains>

Only show Node resources where field ‘Allocatable Memory’ ‘contains’ provided.

--k8s-status_allocatable_memory-not-equals <k8s_status_allocatable_memory_not_equals>

Only show Node resources where field ‘Allocatable Memory’ ‘not-equals’ provided.

--k8s-status_allocatable_memory-equals <k8s_status_allocatable_memory_equals>

Only show Node resources where field ‘Allocatable Memory’ ‘equals’ provided.

--k8s-status_allocatable_pods-ends-with <k8s_status_allocatable_pods_ends_with>

Only show Node resources where field ‘Allocatable Pods’ ‘ends-with’ provided.

--k8s-status_allocatable_pods-starts-with <k8s_status_allocatable_pods_starts_with>

Only show Node resources where field ‘Allocatable Pods’ ‘starts-with’ provided.

--k8s-status_allocatable_pods-not-contains <k8s_status_allocatable_pods_not_contains>

Only show Node resources where field ‘Allocatable Pods’ ‘not-contains’ provided.

--k8s-status_allocatable_pods-contains <k8s_status_allocatable_pods_contains>

Only show Node resources where field ‘Allocatable Pods’ ‘contains’ provided.

--k8s-status_allocatable_pods-not-equals <k8s_status_allocatable_pods_not_equals>

Only show Node resources where field ‘Allocatable Pods’ ‘not-equals’ provided.

--k8s-status_allocatable_pods-equals <k8s_status_allocatable_pods_equals>

Only show Node resources where field ‘Allocatable Pods’ ‘equals’ provided.

--k8s-status_capacity_cpu-ends-with <k8s_status_capacity_cpu_ends_with>

Only show Node resources where field ‘Capacity CPU’ ‘ends-with’ provided.

--k8s-status_capacity_cpu-starts-with <k8s_status_capacity_cpu_starts_with>

Only show Node resources where field ‘Capacity CPU’ ‘starts-with’ provided.

--k8s-status_capacity_cpu-not-contains <k8s_status_capacity_cpu_not_contains>

Only show Node resources where field ‘Capacity CPU’ ‘not-contains’ provided.

--k8s-status_capacity_cpu-contains <k8s_status_capacity_cpu_contains>

Only show Node resources where field ‘Capacity CPU’ ‘contains’ provided.

--k8s-status_capacity_cpu-not-equals <k8s_status_capacity_cpu_not_equals>

Only show Node resources where field ‘Capacity CPU’ ‘not-equals’ provided.

--k8s-status_capacity_cpu-equals <k8s_status_capacity_cpu_equals>

Only show Node resources where field ‘Capacity CPU’ ‘equals’ provided.

--k8s-status_nodeInfo_architecture-ends-with <k8s_status_nodeinfo_architecture_ends_with>

Only show Node resources where field ‘Architecture’ ‘ends-with’ provided.

--k8s-status_nodeInfo_architecture-starts-with <k8s_status_nodeinfo_architecture_starts_with>

Only show Node resources where field ‘Architecture’ ‘starts-with’ provided.

--k8s-status_nodeInfo_architecture-not-contains <k8s_status_nodeinfo_architecture_not_contains>

Only show Node resources where field ‘Architecture’ ‘not-contains’ provided.

--k8s-status_nodeInfo_architecture-contains <k8s_status_nodeinfo_architecture_contains>

Only show Node resources where field ‘Architecture’ ‘contains’ provided.

--k8s-status_nodeInfo_architecture-not-equals <k8s_status_nodeinfo_architecture_not_equals>

Only show Node resources where field ‘Architecture’ ‘not-equals’ provided.

--k8s-status_nodeInfo_architecture-equals <k8s_status_nodeinfo_architecture_equals>

Only show Node resources where field ‘Architecture’ ‘equals’ provided.

--k8s-status_nodeInfo_containerRuntimeVersion-ends-with <k8s_status_nodeinfo_containerruntimeversion_ends_with>

Only show Node resources where field ‘Container Runtime Version’ ‘ends-with’ provided.

--k8s-status_nodeInfo_containerRuntimeVersion-starts-with <k8s_status_nodeinfo_containerruntimeversion_starts_with>

Only show Node resources where field ‘Container Runtime Version’ ‘starts-with’ provided.

--k8s-status_nodeInfo_containerRuntimeVersion-not-contains <k8s_status_nodeinfo_containerruntimeversion_not_contains>

Only show Node resources where field ‘Container Runtime Version’ ‘not-contains’ provided.

--k8s-status_nodeInfo_containerRuntimeVersion-contains <k8s_status_nodeinfo_containerruntimeversion_contains>

Only show Node resources where field ‘Container Runtime Version’ ‘contains’ provided.

--k8s-status_nodeInfo_containerRuntimeVersion-not-equals <k8s_status_nodeinfo_containerruntimeversion_not_equals>

Only show Node resources where field ‘Container Runtime Version’ ‘not-equals’ provided.

--k8s-status_nodeInfo_containerRuntimeVersion-equals <k8s_status_nodeinfo_containerruntimeversion_equals>

Only show Node resources where field ‘Container Runtime Version’ ‘equals’ provided.

--k8s-status_nodeInfo_osImage-ends-with <k8s_status_nodeinfo_osimage_ends_with>

Only show Node resources where field ‘OS Image’ ‘ends-with’ provided.

--k8s-status_nodeInfo_osImage-starts-with <k8s_status_nodeinfo_osimage_starts_with>

Only show Node resources where field ‘OS Image’ ‘starts-with’ provided.

--k8s-status_nodeInfo_osImage-not-contains <k8s_status_nodeinfo_osimage_not_contains>

Only show Node resources where field ‘OS Image’ ‘not-contains’ provided.

--k8s-status_nodeInfo_osImage-contains <k8s_status_nodeinfo_osimage_contains>

Only show Node resources where field ‘OS Image’ ‘contains’ provided.

--k8s-status_nodeInfo_osImage-not-equals <k8s_status_nodeinfo_osimage_not_equals>

Only show Node resources where field ‘OS Image’ ‘not-equals’ provided.

--k8s-status_nodeInfo_osImage-equals <k8s_status_nodeinfo_osimage_equals>

Only show Node resources where field ‘OS Image’ ‘equals’ provided.

--kind-ends-with <kind_ends_with>

Only show Node resources where field ‘Kind’ ‘ends-with’ provided.

--kind-starts-with <kind_starts_with>

Only show Node resources where field ‘Kind’ ‘starts-with’ provided.

--kind-not-contains <kind_not_contains>

Only show Node resources where field ‘Kind’ ‘not-contains’ provided.

--kind-contains <kind_contains>

Only show Node resources where field ‘Kind’ ‘contains’ provided.

--kind-not-equals <kind_not_equals>

Only show Node resources where field ‘Kind’ ‘not-equals’ provided.

--kind-equals <kind_equals>

Only show Node resources where field ‘Kind’ ‘equals’ provided.

--metadata_labels-any-value-contains <metadata_labels_any_value_contains>

Only show Node resources where field ‘Labels’ ‘any-value-contains’ provided.

--metadata_labels-any-value-equals <metadata_labels_any_value_equals>

Only show Node resources where field ‘Labels’ ‘any-value-equals’ provided.

--metadata_labels-any-key-contains <metadata_labels_any_key_contains>

Only show Node resources where field ‘Labels’ ‘any-key-contains’ provided.

--metadata_labels-any-key-equals <metadata_labels_any_key_equals>

Only show Node resources where field ‘Labels’ ‘any-key-equals’ provided.

--metadata_name-ends-with <metadata_name_ends_with>

Only show Node resources where field ‘Name’ ‘ends-with’ provided.

--metadata_name-starts-with <metadata_name_starts_with>

Only show Node resources where field ‘Name’ ‘starts-with’ provided.

--metadata_name-not-contains <metadata_name_not_contains>

Only show Node resources where field ‘Name’ ‘not-contains’ provided.

--metadata_name-contains <metadata_name_contains>

Only show Node resources where field ‘Name’ ‘contains’ provided.

--metadata_name-not-equals <metadata_name_not_equals>

Only show Node resources where field ‘Name’ ‘not-equals’ provided.

--metadata_name-equals <metadata_name_equals>

Only show Node resources where field ‘Name’ ‘equals’ provided.

--metadata_uid-ends-with <metadata_uid_ends_with>

Only show Node resources where field ‘Kubernetes UID’ ‘ends-with’ provided.

--metadata_uid-starts-with <metadata_uid_starts_with>

Only show Node resources where field ‘Kubernetes UID’ ‘starts-with’ provided.

--metadata_uid-not-contains <metadata_uid_not_contains>

Only show Node resources where field ‘Kubernetes UID’ ‘not-contains’ provided.

--metadata_uid-contains <metadata_uid_contains>

Only show Node resources where field ‘Kubernetes UID’ ‘contains’ provided.

--metadata_uid-not-equals <metadata_uid_not_equals>

Only show Node resources where field ‘Kubernetes UID’ ‘not-equals’ provided.

--metadata_uid-equals <metadata_uid_equals>

Only show Node resources where field ‘Kubernetes UID’ ‘equals’ provided.

--muid-ends-with <muid_ends_with>

Only show Node resources where field ‘Machine UID’ ‘ends-with’ provided.

--muid-starts-with <muid_starts_with>

Only show Node resources where field ‘Machine UID’ ‘starts-with’ provided.

--muid-not-contains <muid_not_contains>

Only show Node resources where field ‘Machine UID’ ‘not-contains’ provided.

--muid-contains <muid_contains>

Only show Node resources where field ‘Machine UID’ ‘contains’ provided.

--muid-not-equals <muid_not_equals>

Only show Node resources where field ‘Machine UID’ ‘not-equals’ provided.

--muid-equals <muid_equals>

Only show Node resources where field ‘Machine UID’ ‘equals’ provided.

--ops-flag-count-lt <ops_flag_count_lt>

Only show Node resources where field ‘Ops Flag Count’ ‘lt’ provided.

--ops-flag-count-gte <ops_flag_count_gte>

Only show Node resources where field ‘Ops Flag Count’ ‘gte’ provided.

--ops-flag-count-gt <ops_flag_count_gt>

Only show Node resources where field ‘Ops Flag Count’ ‘gt’ provided.

--ops-flag-count-not-equals <ops_flag_count_not_equals>

Only show Node resources where field ‘Ops Flag Count’ ‘not-equals’ provided.

--ops-flag-count-equals <ops_flag_count_equals>

Only show Node resources where field ‘Ops Flag Count’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Node resources where field ‘original_schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Node resources where field ‘original_schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Node resources where field ‘original_schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Node resources where field ‘original_schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Node resources where field ‘original_schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Node resources where field ‘original_schema’ ‘equals’ provided.

--red-flag-count-lt <red_flag_count_lt>

Only show Node resources where field ‘Red Flag Count’ ‘lt’ provided.

--red-flag-count-gte <red_flag_count_gte>

Only show Node resources where field ‘Red Flag Count’ ‘gte’ provided.

--red-flag-count-gt <red_flag_count_gt>

Only show Node resources where field ‘Red Flag Count’ ‘gt’ provided.

--red-flag-count-not-equals <red_flag_count_not_equals>

Only show Node resources where field ‘Red Flag Count’ ‘not-equals’ provided.

--red-flag-count-equals <red_flag_count_equals>

Only show Node resources where field ‘Red Flag Count’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Node resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Node resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Node resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Node resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Node resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Node resources where field ‘Schema’ ‘equals’ provided.

--status-ends-with <status_ends_with>

Only show Node resources where field ‘Status’ ‘ends-with’ provided.

--status-starts-with <status_starts_with>

Only show Node resources where field ‘Status’ ‘starts-with’ provided.

--status-not-contains <status_not_contains>

Only show Node resources where field ‘Status’ ‘not-contains’ provided.

--status-contains <status_contains>

Only show Node resources where field ‘Status’ ‘contains’ provided.

--status-not-equals <status_not_equals>

Only show Node resources where field ‘Status’ ‘not-equals’ provided.

--status-equals <status_equals>

Only show Node resources where field ‘Status’ ‘equals’ provided.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

notification-targets

Get notification_targets by name or id.

spyctl get notification-targets [OPTIONS] [NAME_OR_ID]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

--page <page>

Page number of resources to display.

--page-size <page_size>

Number of resources to display per page.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

--reversed

Reverse the order of the results.

--tags-contain <tags_contain>

Only show resources that contain these tags.

--action-taken-equals <action_taken_equals>

Only show historical ‘audit’ resources generated by a specific user action, such as ‘insert’ or ‘delete’

Options:

insert | delete | update | enable | disable

--latest-version

Pulling from the historical ‘audit’ tables, only retrieve the latest version of the resources by uid.

--raw-data

--type-equals <type_equals>

Filter by notification target type.

Options:

email | slack | pagerduty | webhook

--from-history

Include historical archive data in the output.

--exclude-target-data

Exclude potentially sensitive target data from the output. (Requires less-sensitive permissions)

--sort-by <sort_by>

Sort the results by a field.

Options:

name | description | create_time | last_updated | type

--version <version>

Filter by the specified version of the notification target.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

notification-templates

Get notification_templates by name or id.

spyctl get notification-templates [OPTIONS] [NAME_OR_ID]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

--page <page>

Page number of resources to display.

--page-size <page_size>

Number of resources to display per page.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

--reversed

Reverse the order of the results.

--tags-contain <tags_contain>

Only show resources that contain these tags.

--action-taken-equals <action_taken_equals>

Only show historical ‘audit’ resources generated by a specific user action, such as ‘insert’ or ‘delete’

Options:

insert | delete | update | enable | disable

--latest-version

Pulling from the historical ‘audit’ tables, only retrieve the latest version of the resources by uid.

--raw-data

--type-equals <type_equals>

Filter by notification target type.

Options:

email | slack | pagerduty | webhook

--from-history

Include historical archive data in the output.

--sort-by <sort_by>

Sort the results by a field.

Options:

name | description | create_time | last_updated | type

--version <version>

Filter by the specified version of the notification target.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

opsflags

Get opsflags by name or id.

spyctl get opsflags [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--agent-type-ends-with <agent_type_ends_with>

Only show Opsflag resources where field ‘Agent Type’ ‘ends-with’ provided.

--agent-type-starts-with <agent_type_starts_with>

Only show Opsflag resources where field ‘Agent Type’ ‘starts-with’ provided.

--agent-type-not-contains <agent_type_not_contains>

Only show Opsflag resources where field ‘Agent Type’ ‘not-contains’ provided.

--agent-type-contains <agent_type_contains>

Only show Opsflag resources where field ‘Agent Type’ ‘contains’ provided.

--agent-type-not-equals <agent_type_not_equals>

Only show Opsflag resources where field ‘Agent Type’ ‘not-equals’ provided.

--agent-type-equals <agent_type_equals>

Only show Opsflag resources where field ‘Agent Type’ ‘equals’ provided.

--ancestors-all-items-not-contains <ancestors_all_items_not_contains>

Only show Opsflag resources where field ‘Ancestors’ ‘all-items-not-contains’ provided.

--ancestors-all-items-not-equals <ancestors_all_items_not_equals>

Only show Opsflag resources where field ‘Ancestors’ ‘all-items-not-equals’ provided.

--ancestors-any-item-contains <ancestors_any_item_contains>

Only show Opsflag resources where field ‘Ancestors’ ‘any-item-contains’ provided.

--ancestors-any-item-equals <ancestors_any_item_equals>

Only show Opsflag resources where field ‘Ancestors’ ‘any-item-equals’ provided.

--args-all-items-not-contains <args_all_items_not_contains>

Only show Opsflag resources where field ‘Arguments’ ‘all-items-not-contains’ provided.

--args-all-items-not-equals <args_all_items_not_equals>

Only show Opsflag resources where field ‘Arguments’ ‘all-items-not-equals’ provided.

--args-any-item-contains <args_any_item_contains>

Only show Opsflag resources where field ‘Arguments’ ‘any-item-contains’ provided.

--args-any-item-equals <args_any_item_equals>

Only show Opsflag resources where field ‘Arguments’ ‘any-item-equals’ provided.

--auser-ends-with <auser_ends_with>

Only show Opsflag resources where field ‘Authenticated User Name’ ‘ends-with’ provided.

--auser-starts-with <auser_starts_with>

Only show Opsflag resources where field ‘Authenticated User Name’ ‘starts-with’ provided.

--auser-not-contains <auser_not_contains>

Only show Opsflag resources where field ‘Authenticated User Name’ ‘not-contains’ provided.

--auser-contains <auser_contains>

Only show Opsflag resources where field ‘Authenticated User Name’ ‘contains’ provided.

--auser-not-equals <auser_not_equals>

Only show Opsflag resources where field ‘Authenticated User Name’ ‘not-equals’ provided.

--auser-equals <auser_equals>

Only show Opsflag resources where field ‘Authenticated User Name’ ‘equals’ provided.

--cluster-name-ends-with <cluster_name_ends_with>

Only show Opsflag resources where field ‘Cluster Name’ ‘ends-with’ provided.

--cluster-name-starts-with <cluster_name_starts_with>

Only show Opsflag resources where field ‘Cluster Name’ ‘starts-with’ provided.

--cluster-name-not-contains <cluster_name_not_contains>

Only show Opsflag resources where field ‘Cluster Name’ ‘not-contains’ provided.

--cluster-name-contains <cluster_name_contains>

Only show Opsflag resources where field ‘Cluster Name’ ‘contains’ provided.

--cluster-name-not-equals <cluster_name_not_equals>

Only show Opsflag resources where field ‘Cluster Name’ ‘not-equals’ provided.

--cluster-name-equals <cluster_name_equals>

Only show Opsflag resources where field ‘Cluster Name’ ‘equals’ provided.

--cluster-uid-ends-with <cluster_uid_ends_with>

Only show Opsflag resources where field ‘Cluster UID’ ‘ends-with’ provided.

--cluster-uid-starts-with <cluster_uid_starts_with>

Only show Opsflag resources where field ‘Cluster UID’ ‘starts-with’ provided.

--cluster-uid-not-contains <cluster_uid_not_contains>

Only show Opsflag resources where field ‘Cluster UID’ ‘not-contains’ provided.

--cluster-uid-contains <cluster_uid_contains>

Only show Opsflag resources where field ‘Cluster UID’ ‘contains’ provided.

--cluster-uid-not-equals <cluster_uid_not_equals>

Only show Opsflag resources where field ‘Cluster UID’ ‘not-equals’ provided.

--cluster-uid-equals <cluster_uid_equals>

Only show Opsflag resources where field ‘Cluster UID’ ‘equals’ provided.

--container-uid-ends-with <container_uid_ends_with>

Only show Opsflag resources where field ‘Container UID’ ‘ends-with’ provided.

--container-uid-starts-with <container_uid_starts_with>

Only show Opsflag resources where field ‘Container UID’ ‘starts-with’ provided.

--container-uid-not-contains <container_uid_not_contains>

Only show Opsflag resources where field ‘Container UID’ ‘not-contains’ provided.

--container-uid-contains <container_uid_contains>

Only show Opsflag resources where field ‘Container UID’ ‘contains’ provided.

--container-uid-not-equals <container_uid_not_equals>

Only show Opsflag resources where field ‘Container UID’ ‘not-equals’ provided.

--container-uid-equals <container_uid_equals>

Only show Opsflag resources where field ‘Container UID’ ‘equals’ provided.

--custom-flag-name-ends-with <custom_flag_name_ends_with>

Only show Opsflag resources where field ‘Custom Flag Name’ ‘ends-with’ provided.

--custom-flag-name-starts-with <custom_flag_name_starts_with>

Only show Opsflag resources where field ‘Custom Flag Name’ ‘starts-with’ provided.

--custom-flag-name-not-contains <custom_flag_name_not_contains>

Only show Opsflag resources where field ‘Custom Flag Name’ ‘not-contains’ provided.

--custom-flag-name-contains <custom_flag_name_contains>

Only show Opsflag resources where field ‘Custom Flag Name’ ‘contains’ provided.

--custom-flag-name-not-equals <custom_flag_name_not_equals>

Only show Opsflag resources where field ‘Custom Flag Name’ ‘not-equals’ provided.

--custom-flag-name-equals <custom_flag_name_equals>

Only show Opsflag resources where field ‘Custom Flag Name’ ‘equals’ provided.

--custom-flag-uid-ends-with <custom_flag_uid_ends_with>

Only show Opsflag resources where field ‘Custom Flag UID’ ‘ends-with’ provided.

--custom-flag-uid-starts-with <custom_flag_uid_starts_with>

Only show Opsflag resources where field ‘Custom Flag UID’ ‘starts-with’ provided.

--custom-flag-uid-not-contains <custom_flag_uid_not_contains>

Only show Opsflag resources where field ‘Custom Flag UID’ ‘not-contains’ provided.

--custom-flag-uid-contains <custom_flag_uid_contains>

Only show Opsflag resources where field ‘Custom Flag UID’ ‘contains’ provided.

--custom-flag-uid-not-equals <custom_flag_uid_not_equals>

Only show Opsflag resources where field ‘Custom Flag UID’ ‘not-equals’ provided.

--custom-flag-uid-equals <custom_flag_uid_equals>

Only show Opsflag resources where field ‘Custom Flag UID’ ‘equals’ provided.

--description-ends-with <description_ends_with>

Only show Opsflag resources where field ‘Description’ ‘ends-with’ provided.

--description-starts-with <description_starts_with>

Only show Opsflag resources where field ‘Description’ ‘starts-with’ provided.

--description-not-contains <description_not_contains>

Only show Opsflag resources where field ‘Description’ ‘not-contains’ provided.

--description-contains <description_contains>

Only show Opsflag resources where field ‘Description’ ‘contains’ provided.

--description-not-equals <description_not_equals>

Only show Opsflag resources where field ‘Description’ ‘not-equals’ provided.

--description-equals <description_equals>

Only show Opsflag resources where field ‘Description’ ‘equals’ provided.

--is-ephemeral <is_ephemeral>

Only show Opsflag resources where field ‘Is Ephemeral’ matches the provided boolean value.

--euser-ends-with <euser_ends_with>

Only show Opsflag resources where field ‘Effective User Name’ ‘ends-with’ provided.

--euser-starts-with <euser_starts_with>

Only show Opsflag resources where field ‘Effective User Name’ ‘starts-with’ provided.

--euser-not-contains <euser_not_contains>

Only show Opsflag resources where field ‘Effective User Name’ ‘not-contains’ provided.

--euser-contains <euser_contains>

Only show Opsflag resources where field ‘Effective User Name’ ‘contains’ provided.

--euser-not-equals <euser_not_equals>

Only show Opsflag resources where field ‘Effective User Name’ ‘not-equals’ provided.

--euser-equals <euser_equals>

Only show Opsflag resources where field ‘Effective User Name’ ‘equals’ provided.

--is-false-positive <is_false_positive>

Only show Opsflag resources where field ‘False positive’ matches the provided boolean value.

--flag-class-ends-with <flag_class_ends_with>

Only show Opsflag resources where field ‘Class’ ‘ends-with’ provided.

--flag-class-starts-with <flag_class_starts_with>

Only show Opsflag resources where field ‘Class’ ‘starts-with’ provided.

--flag-class-not-contains <flag_class_not_contains>

Only show Opsflag resources where field ‘Class’ ‘not-contains’ provided.

--flag-class-contains <flag_class_contains>

Only show Opsflag resources where field ‘Class’ ‘contains’ provided.

--flag-class-not-equals <flag_class_not_equals>

Only show Opsflag resources where field ‘Class’ ‘not-equals’ provided.

--flag-class-equals <flag_class_equals>

Only show Opsflag resources where field ‘Class’ ‘equals’ provided.

--hostname-ends-with <hostname_ends_with>

Only show Opsflag resources where field ‘Hostname’ ‘ends-with’ provided.

--hostname-starts-with <hostname_starts_with>

Only show Opsflag resources where field ‘Hostname’ ‘starts-with’ provided.

--hostname-not-contains <hostname_not_contains>

Only show Opsflag resources where field ‘Hostname’ ‘not-contains’ provided.

--hostname-contains <hostname_contains>

Only show Opsflag resources where field ‘Hostname’ ‘contains’ provided.

--hostname-not-equals <hostname_not_equals>

Only show Opsflag resources where field ‘Hostname’ ‘not-equals’ provided.

--hostname-equals <hostname_equals>

Only show Opsflag resources where field ‘Hostname’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Opsflag resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Opsflag resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Opsflag resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Opsflag resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Opsflag resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Opsflag resources where field ‘UID’ ‘equals’ provided.

--muid-ends-with <muid_ends_with>

Only show Opsflag resources where field ‘Machine UID’ ‘ends-with’ provided.

--muid-starts-with <muid_starts_with>

Only show Opsflag resources where field ‘Machine UID’ ‘starts-with’ provided.

--muid-not-contains <muid_not_contains>

Only show Opsflag resources where field ‘Machine UID’ ‘not-contains’ provided.

--muid-contains <muid_contains>

Only show Opsflag resources where field ‘Machine UID’ ‘contains’ provided.

--muid-not-equals <muid_not_equals>

Only show Opsflag resources where field ‘Machine UID’ ‘not-equals’ provided.

--muid-equals <muid_equals>

Only show Opsflag resources where field ‘Machine UID’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Opsflag resources where field ‘original_schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Opsflag resources where field ‘original_schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Opsflag resources where field ‘original_schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Opsflag resources where field ‘original_schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Opsflag resources where field ‘original_schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Opsflag resources where field ‘original_schema’ ‘equals’ provided.

--pod-namespace-ends-with <pod_namespace_ends_with>

Only show Opsflag resources where field ‘Pod Namespace’ ‘ends-with’ provided.

--pod-namespace-starts-with <pod_namespace_starts_with>

Only show Opsflag resources where field ‘Pod Namespace’ ‘starts-with’ provided.

--pod-namespace-not-contains <pod_namespace_not_contains>

Only show Opsflag resources where field ‘Pod Namespace’ ‘not-contains’ provided.

--pod-namespace-contains <pod_namespace_contains>

Only show Opsflag resources where field ‘Pod Namespace’ ‘contains’ provided.

--pod-namespace-not-equals <pod_namespace_not_equals>

Only show Opsflag resources where field ‘Pod Namespace’ ‘not-equals’ provided.

--pod-namespace-equals <pod_namespace_equals>

Only show Opsflag resources where field ‘Pod Namespace’ ‘equals’ provided.

--pod-uid-ends-with <pod_uid_ends_with>

Only show Opsflag resources where field ‘Pod UID’ ‘ends-with’ provided.

--pod-uid-starts-with <pod_uid_starts_with>

Only show Opsflag resources where field ‘Pod UID’ ‘starts-with’ provided.

--pod-uid-not-contains <pod_uid_not_contains>

Only show Opsflag resources where field ‘Pod UID’ ‘not-contains’ provided.

--pod-uid-contains <pod_uid_contains>

Only show Opsflag resources where field ‘Pod UID’ ‘contains’ provided.

--pod-uid-not-equals <pod_uid_not_equals>

Only show Opsflag resources where field ‘Pod UID’ ‘not-equals’ provided.

--pod-uid-equals <pod_uid_equals>

Only show Opsflag resources where field ‘Pod UID’ ‘equals’ provided.

--ref-ends-with <ref_ends_with>

Only show Opsflag resources where field ‘Reference Object UID’ ‘ends-with’ provided.

--ref-starts-with <ref_starts_with>

Only show Opsflag resources where field ‘Reference Object UID’ ‘starts-with’ provided.

--ref-not-contains <ref_not_contains>

Only show Opsflag resources where field ‘Reference Object UID’ ‘not-contains’ provided.

--ref-contains <ref_contains>

Only show Opsflag resources where field ‘Reference Object UID’ ‘contains’ provided.

--ref-not-equals <ref_not_equals>

Only show Opsflag resources where field ‘Reference Object UID’ ‘not-equals’ provided.

--ref-equals <ref_equals>

Only show Opsflag resources where field ‘Reference Object UID’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Opsflag resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Opsflag resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Opsflag resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Opsflag resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Opsflag resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Opsflag resources where field ‘Schema’ ‘equals’ provided.

--severity-ends-with <severity_ends_with>

Only show Opsflag resources where field ‘Severity’ ‘ends-with’ provided.

--severity-starts-with <severity_starts_with>

Only show Opsflag resources where field ‘Severity’ ‘starts-with’ provided.

--severity-not-contains <severity_not_contains>

Only show Opsflag resources where field ‘Severity’ ‘not-contains’ provided.

--severity-contains <severity_contains>

Only show Opsflag resources where field ‘Severity’ ‘contains’ provided.

--severity-not-equals <severity_not_equals>

Only show Opsflag resources where field ‘Severity’ ‘not-equals’ provided.

--severity-equals <severity_equals>

Only show Opsflag resources where field ‘Severity’ ‘equals’ provided.

--short-name-ends-with <short_name_ends_with>

Only show Opsflag resources where field ‘Short Name’ ‘ends-with’ provided.

--short-name-starts-with <short_name_starts_with>

Only show Opsflag resources where field ‘Short Name’ ‘starts-with’ provided.

--short-name-not-contains <short_name_not_contains>

Only show Opsflag resources where field ‘Short Name’ ‘not-contains’ provided.

--short-name-contains <short_name_contains>

Only show Opsflag resources where field ‘Short Name’ ‘contains’ provided.

--short-name-not-equals <short_name_not_equals>

Only show Opsflag resources where field ‘Short Name’ ‘not-equals’ provided.

--short-name-equals <short_name_equals>

Only show Opsflag resources where field ‘Short Name’ ‘equals’ provided.

--uptime-lt <uptime_lt>

Only show Opsflag resources where field ‘Uptime’ ‘lt’ provided.

--uptime-gte <uptime_gte>

Only show Opsflag resources where field ‘Uptime’ ‘gte’ provided.

--uptime-gt <uptime_gt>

Only show Opsflag resources where field ‘Uptime’ ‘gt’ provided.

--uptime-not-equals <uptime_not_equals>

Only show Opsflag resources where field ‘Uptime’ ‘not-equals’ provided.

--uptime-equals <uptime_equals>

Only show Opsflag resources where field ‘Uptime’ ‘equals’ provided.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

pods

Get pods by name or id.

spyctl get pods [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--cluster-name-ends-with <cluster_name_ends_with>

Only show Pod resources where field ‘Cluster Name’ ‘ends-with’ provided.

--cluster-name-starts-with <cluster_name_starts_with>

Only show Pod resources where field ‘Cluster Name’ ‘starts-with’ provided.

--cluster-name-not-contains <cluster_name_not_contains>

Only show Pod resources where field ‘Cluster Name’ ‘not-contains’ provided.

--cluster-name-contains <cluster_name_contains>

Only show Pod resources where field ‘Cluster Name’ ‘contains’ provided.

--cluster-name-not-equals <cluster_name_not_equals>

Only show Pod resources where field ‘Cluster Name’ ‘not-equals’ provided.

--cluster-name-equals <cluster_name_equals>

Only show Pod resources where field ‘Cluster Name’ ‘equals’ provided.

--cluster-uid-ends-with <cluster_uid_ends_with>

Only show Pod resources where field ‘Cluster UID’ ‘ends-with’ provided.

--cluster-uid-starts-with <cluster_uid_starts_with>

Only show Pod resources where field ‘Cluster UID’ ‘starts-with’ provided.

--cluster-uid-not-contains <cluster_uid_not_contains>

Only show Pod resources where field ‘Cluster UID’ ‘not-contains’ provided.

--cluster-uid-contains <cluster_uid_contains>

Only show Pod resources where field ‘Cluster UID’ ‘contains’ provided.

--cluster-uid-not-equals <cluster_uid_not_equals>

Only show Pod resources where field ‘Cluster UID’ ‘not-equals’ provided.

--cluster-uid-equals <cluster_uid_equals>

Only show Pod resources where field ‘Cluster UID’ ‘equals’ provided.

--deployment-name-ends-with <deployment_name_ends_with>

Only show Pod resources where field ‘Deployment name’ ‘ends-with’ provided.

--deployment-name-starts-with <deployment_name_starts_with>

Only show Pod resources where field ‘Deployment name’ ‘starts-with’ provided.

--deployment-name-not-contains <deployment_name_not_contains>

Only show Pod resources where field ‘Deployment name’ ‘not-contains’ provided.

--deployment-name-contains <deployment_name_contains>

Only show Pod resources where field ‘Deployment name’ ‘contains’ provided.

--deployment-name-not-equals <deployment_name_not_equals>

Only show Pod resources where field ‘Deployment name’ ‘not-equals’ provided.

--deployment-name-equals <deployment_name_equals>

Only show Pod resources where field ‘Deployment name’ ‘equals’ provided.

--deployment-uid-ends-with <deployment_uid_ends_with>

Only show Pod resources where field ‘Deployment UID’ ‘ends-with’ provided.

--deployment-uid-starts-with <deployment_uid_starts_with>

Only show Pod resources where field ‘Deployment UID’ ‘starts-with’ provided.

--deployment-uid-not-contains <deployment_uid_not_contains>

Only show Pod resources where field ‘Deployment UID’ ‘not-contains’ provided.

--deployment-uid-contains <deployment_uid_contains>

Only show Pod resources where field ‘Deployment UID’ ‘contains’ provided.

--deployment-uid-not-equals <deployment_uid_not_equals>

Only show Pod resources where field ‘Deployment UID’ ‘not-equals’ provided.

--deployment-uid-equals <deployment_uid_equals>

Only show Pod resources where field ‘Deployment UID’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Pod resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Pod resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Pod resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Pod resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Pod resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Pod resources where field ‘UID’ ‘equals’ provided.

--k8s-status_phase-ends-with <k8s_status_phase_ends_with>

Only show Pod resources where field ‘Phase’ ‘ends-with’ provided.

--k8s-status_phase-starts-with <k8s_status_phase_starts_with>

Only show Pod resources where field ‘Phase’ ‘starts-with’ provided.

--k8s-status_phase-not-contains <k8s_status_phase_not_contains>

Only show Pod resources where field ‘Phase’ ‘not-contains’ provided.

--k8s-status_phase-contains <k8s_status_phase_contains>

Only show Pod resources where field ‘Phase’ ‘contains’ provided.

--k8s-status_phase-not-equals <k8s_status_phase_not_equals>

Only show Pod resources where field ‘Phase’ ‘not-equals’ provided.

--k8s-status_phase-equals <k8s_status_phase_equals>

Only show Pod resources where field ‘Phase’ ‘equals’ provided.

--kind-ends-with <kind_ends_with>

Only show Pod resources where field ‘Kind’ ‘ends-with’ provided.

--kind-starts-with <kind_starts_with>

Only show Pod resources where field ‘Kind’ ‘starts-with’ provided.

--kind-not-contains <kind_not_contains>

Only show Pod resources where field ‘Kind’ ‘not-contains’ provided.

--kind-contains <kind_contains>

Only show Pod resources where field ‘Kind’ ‘contains’ provided.

--kind-not-equals <kind_not_equals>

Only show Pod resources where field ‘Kind’ ‘not-equals’ provided.

--kind-equals <kind_equals>

Only show Pod resources where field ‘Kind’ ‘equals’ provided.

--metadata_labels-any-value-contains <metadata_labels_any_value_contains>

Only show Pod resources where field ‘Labels’ ‘any-value-contains’ provided.

--metadata_labels-any-value-equals <metadata_labels_any_value_equals>

Only show Pod resources where field ‘Labels’ ‘any-value-equals’ provided.

--metadata_labels-any-key-contains <metadata_labels_any_key_contains>

Only show Pod resources where field ‘Labels’ ‘any-key-contains’ provided.

--metadata_labels-any-key-equals <metadata_labels_any_key_equals>

Only show Pod resources where field ‘Labels’ ‘any-key-equals’ provided.

--metadata_name-ends-with <metadata_name_ends_with>

Only show Pod resources where field ‘Name’ ‘ends-with’ provided.

--metadata_name-starts-with <metadata_name_starts_with>

Only show Pod resources where field ‘Name’ ‘starts-with’ provided.

--metadata_name-not-contains <metadata_name_not_contains>

Only show Pod resources where field ‘Name’ ‘not-contains’ provided.

--metadata_name-contains <metadata_name_contains>

Only show Pod resources where field ‘Name’ ‘contains’ provided.

--metadata_name-not-equals <metadata_name_not_equals>

Only show Pod resources where field ‘Name’ ‘not-equals’ provided.

--metadata_name-equals <metadata_name_equals>

Only show Pod resources where field ‘Name’ ‘equals’ provided.

--metadata_namespace-ends-with <metadata_namespace_ends_with>

Only show Pod resources where field ‘Namespace’ ‘ends-with’ provided.

--metadata_namespace-starts-with <metadata_namespace_starts_with>

Only show Pod resources where field ‘Namespace’ ‘starts-with’ provided.

--metadata_namespace-not-contains <metadata_namespace_not_contains>

Only show Pod resources where field ‘Namespace’ ‘not-contains’ provided.

--metadata_namespace-contains <metadata_namespace_contains>

Only show Pod resources where field ‘Namespace’ ‘contains’ provided.

--metadata_namespace-not-equals <metadata_namespace_not_equals>

Only show Pod resources where field ‘Namespace’ ‘not-equals’ provided.

--metadata_namespace-equals <metadata_namespace_equals>

Only show Pod resources where field ‘Namespace’ ‘equals’ provided.

--metadata_uid-ends-with <metadata_uid_ends_with>

Only show Pod resources where field ‘Kubernetes UID’ ‘ends-with’ provided.

--metadata_uid-starts-with <metadata_uid_starts_with>

Only show Pod resources where field ‘Kubernetes UID’ ‘starts-with’ provided.

--metadata_uid-not-contains <metadata_uid_not_contains>

Only show Pod resources where field ‘Kubernetes UID’ ‘not-contains’ provided.

--metadata_uid-contains <metadata_uid_contains>

Only show Pod resources where field ‘Kubernetes UID’ ‘contains’ provided.

--metadata_uid-not-equals <metadata_uid_not_equals>

Only show Pod resources where field ‘Kubernetes UID’ ‘not-equals’ provided.

--metadata_uid-equals <metadata_uid_equals>

Only show Pod resources where field ‘Kubernetes UID’ ‘equals’ provided.

--muid-ends-with <muid_ends_with>

Only show Pod resources where field ‘Machine UID’ ‘ends-with’ provided.

--muid-starts-with <muid_starts_with>

Only show Pod resources where field ‘Machine UID’ ‘starts-with’ provided.

--muid-not-contains <muid_not_contains>

Only show Pod resources where field ‘Machine UID’ ‘not-contains’ provided.

--muid-contains <muid_contains>

Only show Pod resources where field ‘Machine UID’ ‘contains’ provided.

--muid-not-equals <muid_not_equals>

Only show Pod resources where field ‘Machine UID’ ‘not-equals’ provided.

--muid-equals <muid_equals>

Only show Pod resources where field ‘Machine UID’ ‘equals’ provided.

--node-uid-ends-with <node_uid_ends_with>

Only show Pod resources where field ‘Node UID’ ‘ends-with’ provided.

--node-uid-starts-with <node_uid_starts_with>

Only show Pod resources where field ‘Node UID’ ‘starts-with’ provided.

--node-uid-not-contains <node_uid_not_contains>

Only show Pod resources where field ‘Node UID’ ‘not-contains’ provided.

--node-uid-contains <node_uid_contains>

Only show Pod resources where field ‘Node UID’ ‘contains’ provided.

--node-uid-not-equals <node_uid_not_equals>

Only show Pod resources where field ‘Node UID’ ‘not-equals’ provided.

--node-uid-equals <node_uid_equals>

Only show Pod resources where field ‘Node UID’ ‘equals’ provided.

--ops-flag-count-lt <ops_flag_count_lt>

Only show Pod resources where field ‘Ops Flag Count’ ‘lt’ provided.

--ops-flag-count-gte <ops_flag_count_gte>

Only show Pod resources where field ‘Ops Flag Count’ ‘gte’ provided.

--ops-flag-count-gt <ops_flag_count_gt>

Only show Pod resources where field ‘Ops Flag Count’ ‘gt’ provided.

--ops-flag-count-not-equals <ops_flag_count_not_equals>

Only show Pod resources where field ‘Ops Flag Count’ ‘not-equals’ provided.

--ops-flag-count-equals <ops_flag_count_equals>

Only show Pod resources where field ‘Ops Flag Count’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Pod resources where field ‘original_schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Pod resources where field ‘original_schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Pod resources where field ‘original_schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Pod resources where field ‘original_schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Pod resources where field ‘original_schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Pod resources where field ‘original_schema’ ‘equals’ provided.

--owner-kind-ends-with <owner_kind_ends_with>

Only show Pod resources where field ‘Owner Kind’ ‘ends-with’ provided.

--owner-kind-starts-with <owner_kind_starts_with>

Only show Pod resources where field ‘Owner Kind’ ‘starts-with’ provided.

--owner-kind-not-contains <owner_kind_not_contains>

Only show Pod resources where field ‘Owner Kind’ ‘not-contains’ provided.

--owner-kind-contains <owner_kind_contains>

Only show Pod resources where field ‘Owner Kind’ ‘contains’ provided.

--owner-kind-not-equals <owner_kind_not_equals>

Only show Pod resources where field ‘Owner Kind’ ‘not-equals’ provided.

--owner-kind-equals <owner_kind_equals>

Only show Pod resources where field ‘Owner Kind’ ‘equals’ provided.

--owner-name-ends-with <owner_name_ends_with>

Only show Pod resources where field ‘Owner Name’ ‘ends-with’ provided.

--owner-name-starts-with <owner_name_starts_with>

Only show Pod resources where field ‘Owner Name’ ‘starts-with’ provided.

--owner-name-not-contains <owner_name_not_contains>

Only show Pod resources where field ‘Owner Name’ ‘not-contains’ provided.

--owner-name-contains <owner_name_contains>

Only show Pod resources where field ‘Owner Name’ ‘contains’ provided.

--owner-name-not-equals <owner_name_not_equals>

Only show Pod resources where field ‘Owner Name’ ‘not-equals’ provided.

--owner-name-equals <owner_name_equals>

Only show Pod resources where field ‘Owner Name’ ‘equals’ provided.

--owner-uid-ends-with <owner_uid_ends_with>

Only show Pod resources where field ‘Owner UID’ ‘ends-with’ provided.

--owner-uid-starts-with <owner_uid_starts_with>

Only show Pod resources where field ‘Owner UID’ ‘starts-with’ provided.

--owner-uid-not-contains <owner_uid_not_contains>

Only show Pod resources where field ‘Owner UID’ ‘not-contains’ provided.

--owner-uid-contains <owner_uid_contains>

Only show Pod resources where field ‘Owner UID’ ‘contains’ provided.

--owner-uid-not-equals <owner_uid_not_equals>

Only show Pod resources where field ‘Owner UID’ ‘not-equals’ provided.

--owner-uid-equals <owner_uid_equals>

Only show Pod resources where field ‘Owner UID’ ‘equals’ provided.

--red-flag-count-lt <red_flag_count_lt>

Only show Pod resources where field ‘Red Flag Count’ ‘lt’ provided.

--red-flag-count-gte <red_flag_count_gte>

Only show Pod resources where field ‘Red Flag Count’ ‘gte’ provided.

--red-flag-count-gt <red_flag_count_gt>

Only show Pod resources where field ‘Red Flag Count’ ‘gt’ provided.

--red-flag-count-not-equals <red_flag_count_not_equals>

Only show Pod resources where field ‘Red Flag Count’ ‘not-equals’ provided.

--red-flag-count-equals <red_flag_count_equals>

Only show Pod resources where field ‘Red Flag Count’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Pod resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Pod resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Pod resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Pod resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Pod resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Pod resources where field ‘Schema’ ‘equals’ provided.

--spec_nodeName-ends-with <spec_nodename_ends_with>

Only show Pod resources where field ‘Node Name’ ‘ends-with’ provided.

--spec_nodeName-starts-with <spec_nodename_starts_with>

Only show Pod resources where field ‘Node Name’ ‘starts-with’ provided.

--spec_nodeName-not-contains <spec_nodename_not_contains>

Only show Pod resources where field ‘Node Name’ ‘not-contains’ provided.

--spec_nodeName-contains <spec_nodename_contains>

Only show Pod resources where field ‘Node Name’ ‘contains’ provided.

--spec_nodeName-not-equals <spec_nodename_not_equals>

Only show Pod resources where field ‘Node Name’ ‘not-equals’ provided.

--spec_nodeName-equals <spec_nodename_equals>

Only show Pod resources where field ‘Node Name’ ‘equals’ provided.

--status-ends-with <status_ends_with>

Only show Pod resources where field ‘Status’ ‘ends-with’ provided.

--status-starts-with <status_starts_with>

Only show Pod resources where field ‘Status’ ‘starts-with’ provided.

--status-not-contains <status_not_contains>

Only show Pod resources where field ‘Status’ ‘not-contains’ provided.

--status-contains <status_contains>

Only show Pod resources where field ‘Status’ ‘contains’ provided.

--status-not-equals <status_not_equals>

Only show Pod resources where field ‘Status’ ‘not-equals’ provided.

--status-equals <status_equals>

Only show Pod resources where field ‘Status’ ‘equals’ provided.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

policies

Get policies by name or id.

spyctl get policies [OPTIONS] [NAME_OR_ID]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

-O, --output-to-file

Should output policies to a file. Unique filename created from the name in each policy’s metadata.

--get-deviations

In the summary output, show deviations count for the provided time window

--type <type>

The type of policy to return.

Options:

linux-service | container | trace | cluster

--from-archive

Retrieve archived ruleset versions.

--version <version>

Retrieve archived rulesets with a specific version.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

processes

Get processes by name or id.

spyctl get processes [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--ancestor-uids-all-items-not-contains <ancestor_uids_all_items_not_contains>

Only show Process resources where field ‘Ancestor UIDs’ ‘all-items-not-contains’ provided.

--ancestor-uids-all-items-not-equals <ancestor_uids_all_items_not_equals>

Only show Process resources where field ‘Ancestor UIDs’ ‘all-items-not-equals’ provided.

--ancestor-uids-any-item-contains <ancestor_uids_any_item_contains>

Only show Process resources where field ‘Ancestor UIDs’ ‘any-item-contains’ provided.

--ancestor-uids-any-item-equals <ancestor_uids_any_item_equals>

Only show Process resources where field ‘Ancestor UIDs’ ‘any-item-equals’ provided.

--ancestors-all-items-not-contains <ancestors_all_items_not_contains>

Only show Process resources where field ‘Ancestors’ ‘all-items-not-contains’ provided.

--ancestors-all-items-not-equals <ancestors_all_items_not_equals>

Only show Process resources where field ‘Ancestors’ ‘all-items-not-equals’ provided.

--ancestors-any-item-contains <ancestors_any_item_contains>

Only show Process resources where field ‘Ancestors’ ‘any-item-contains’ provided.

--ancestors-any-item-equals <ancestors_any_item_equals>

Only show Process resources where field ‘Ancestors’ ‘any-item-equals’ provided.

--args-all-items-not-contains <args_all_items_not_contains>

Only show Process resources where field ‘Arguments’ ‘all-items-not-contains’ provided.

--args-all-items-not-equals <args_all_items_not_equals>

Only show Process resources where field ‘Arguments’ ‘all-items-not-equals’ provided.

--args-any-item-contains <args_any_item_contains>

Only show Process resources where field ‘Arguments’ ‘any-item-contains’ provided.

--args-any-item-equals <args_any_item_equals>

Only show Process resources where field ‘Arguments’ ‘any-item-equals’ provided.

--auser-ends-with <auser_ends_with>

Only show Process resources where field ‘Authenticated user’ ‘ends-with’ provided.

--auser-starts-with <auser_starts_with>

Only show Process resources where field ‘Authenticated user’ ‘starts-with’ provided.

--auser-not-contains <auser_not_contains>

Only show Process resources where field ‘Authenticated user’ ‘not-contains’ provided.

--auser-contains <auser_contains>

Only show Process resources where field ‘Authenticated user’ ‘contains’ provided.

--auser-not-equals <auser_not_equals>

Only show Process resources where field ‘Authenticated user’ ‘not-equals’ provided.

--auser-equals <auser_equals>

Only show Process resources where field ‘Authenticated user’ ‘equals’ provided.

--cgroup-ends-with <cgroup_ends_with>

Only show Process resources where field ‘CGroup’ ‘ends-with’ provided.

--cgroup-starts-with <cgroup_starts_with>

Only show Process resources where field ‘CGroup’ ‘starts-with’ provided.

--cgroup-not-contains <cgroup_not_contains>

Only show Process resources where field ‘CGroup’ ‘not-contains’ provided.

--cgroup-contains <cgroup_contains>

Only show Process resources where field ‘CGroup’ ‘contains’ provided.

--cgroup-not-equals <cgroup_not_equals>

Only show Process resources where field ‘CGroup’ ‘not-equals’ provided.

--cgroup-equals <cgroup_equals>

Only show Process resources where field ‘CGroup’ ‘equals’ provided.

--container-id-ends-with <container_id_ends_with>

Only show Process resources where field ‘Container ID’ ‘ends-with’ provided.

--container-id-starts-with <container_id_starts_with>

Only show Process resources where field ‘Container ID’ ‘starts-with’ provided.

--container-id-not-contains <container_id_not_contains>

Only show Process resources where field ‘Container ID’ ‘not-contains’ provided.

--container-id-contains <container_id_contains>

Only show Process resources where field ‘Container ID’ ‘contains’ provided.

--container-id-not-equals <container_id_not_equals>

Only show Process resources where field ‘Container ID’ ‘not-equals’ provided.

--container-id-equals <container_id_equals>

Only show Process resources where field ‘Container ID’ ‘equals’ provided.

--container-uid-ends-with <container_uid_ends_with>

Only show Process resources where field ‘Container UID’ ‘ends-with’ provided.

--container-uid-starts-with <container_uid_starts_with>

Only show Process resources where field ‘Container UID’ ‘starts-with’ provided.

--container-uid-not-contains <container_uid_not_contains>

Only show Process resources where field ‘Container UID’ ‘not-contains’ provided.

--container-uid-contains <container_uid_contains>

Only show Process resources where field ‘Container UID’ ‘contains’ provided.

--container-uid-not-equals <container_uid_not_equals>

Only show Process resources where field ‘Container UID’ ‘not-equals’ provided.

--container-uid-equals <container_uid_equals>

Only show Process resources where field ‘Container UID’ ‘equals’ provided.

--duration-lt <duration_lt>

Only show Process resources where field ‘Duration’ ‘lt’ provided.

--duration-gte <duration_gte>

Only show Process resources where field ‘Duration’ ‘gte’ provided.

--duration-gt <duration_gt>

Only show Process resources where field ‘Duration’ ‘gt’ provided.

--duration-not-equals <duration_not_equals>

Only show Process resources where field ‘Duration’ ‘not-equals’ provided.

--duration-equals <duration_equals>

Only show Process resources where field ‘Duration’ ‘equals’ provided.

--environ-any-value-contains <environ_any_value_contains>

Only show Process resources where field ‘Environment Variables’ ‘any-value-contains’ provided.

--environ-any-value-equals <environ_any_value_equals>

Only show Process resources where field ‘Environment Variables’ ‘any-value-equals’ provided.

--environ-any-key-contains <environ_any_key_contains>

Only show Process resources where field ‘Environment Variables’ ‘any-key-contains’ provided.

--environ-any-key-equals <environ_any_key_equals>

Only show Process resources where field ‘Environment Variables’ ‘any-key-equals’ provided.

--euser-ends-with <euser_ends_with>

Only show Process resources where field ‘Effective user’ ‘ends-with’ provided.

--euser-starts-with <euser_starts_with>

Only show Process resources where field ‘Effective user’ ‘starts-with’ provided.

--euser-not-contains <euser_not_contains>

Only show Process resources where field ‘Effective user’ ‘not-contains’ provided.

--euser-contains <euser_contains>

Only show Process resources where field ‘Effective user’ ‘contains’ provided.

--euser-not-equals <euser_not_equals>

Only show Process resources where field ‘Effective user’ ‘not-equals’ provided.

--euser-equals <euser_equals>

Only show Process resources where field ‘Effective user’ ‘equals’ provided.

--exe-ends-with <exe_ends_with>

Only show Process resources where field ‘Executable’ ‘ends-with’ provided.

--exe-starts-with <exe_starts_with>

Only show Process resources where field ‘Executable’ ‘starts-with’ provided.

--exe-not-contains <exe_not_contains>

Only show Process resources where field ‘Executable’ ‘not-contains’ provided.

--exe-contains <exe_contains>

Only show Process resources where field ‘Executable’ ‘contains’ provided.

--exe-not-equals <exe_not_equals>

Only show Process resources where field ‘Executable’ ‘not-equals’ provided.

--exe-equals <exe_equals>

Only show Process resources where field ‘Executable’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Process resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Process resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Process resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Process resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Process resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Process resources where field ‘UID’ ‘equals’ provided.

--is-interactive <is_interactive>

Only show Process resources where field ‘Interactive’ matches the provided boolean value.

--muid-ends-with <muid_ends_with>

Only show Process resources where field ‘Machine UID’ ‘ends-with’ provided.

--muid-starts-with <muid_starts_with>

Only show Process resources where field ‘Machine UID’ ‘starts-with’ provided.

--muid-not-contains <muid_not_contains>

Only show Process resources where field ‘Machine UID’ ‘not-contains’ provided.

--muid-contains <muid_contains>

Only show Process resources where field ‘Machine UID’ ‘contains’ provided.

--muid-not-equals <muid_not_equals>

Only show Process resources where field ‘Machine UID’ ‘not-equals’ provided.

--muid-equals <muid_equals>

Only show Process resources where field ‘Machine UID’ ‘equals’ provided.

--name-ends-with <name_ends_with>

Only show Process resources where field ‘Name’ ‘ends-with’ provided.

--name-starts-with <name_starts_with>

Only show Process resources where field ‘Name’ ‘starts-with’ provided.

--name-not-contains <name_not_contains>

Only show Process resources where field ‘Name’ ‘not-contains’ provided.

--name-contains <name_contains>

Only show Process resources where field ‘Name’ ‘contains’ provided.

--name-not-equals <name_not_equals>

Only show Process resources where field ‘Name’ ‘not-equals’ provided.

--name-equals <name_equals>

Only show Process resources where field ‘Name’ ‘equals’ provided.

--ops-flag-count-lt <ops_flag_count_lt>

Only show Process resources where field ‘Ops Flag Count’ ‘lt’ provided.

--ops-flag-count-gte <ops_flag_count_gte>

Only show Process resources where field ‘Ops Flag Count’ ‘gte’ provided.

--ops-flag-count-gt <ops_flag_count_gt>

Only show Process resources where field ‘Ops Flag Count’ ‘gt’ provided.

--ops-flag-count-not-equals <ops_flag_count_not_equals>

Only show Process resources where field ‘Ops Flag Count’ ‘not-equals’ provided.

--ops-flag-count-equals <ops_flag_count_equals>

Only show Process resources where field ‘Ops Flag Count’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Process resources where field ‘Original schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Process resources where field ‘Original schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Process resources where field ‘Original schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Process resources where field ‘Original schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Process resources where field ‘Original schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Process resources where field ‘Original schema’ ‘equals’ provided.

--pid-lt <pid_lt>

Only show Process resources where field ‘PID’ ‘lt’ provided.

--pid-gte <pid_gte>

Only show Process resources where field ‘PID’ ‘gte’ provided.

--pid-gt <pid_gt>

Only show Process resources where field ‘PID’ ‘gt’ provided.

--pid-not-equals <pid_not_equals>

Only show Process resources where field ‘PID’ ‘not-equals’ provided.

--pid-equals <pid_equals>

Only show Process resources where field ‘PID’ ‘equals’ provided.

--ppid-lt <ppid_lt>

Only show Process resources where field ‘Parent PID’ ‘lt’ provided.

--ppid-gte <ppid_gte>

Only show Process resources where field ‘Parent PID’ ‘gte’ provided.

--ppid-gt <ppid_gt>

Only show Process resources where field ‘Parent PID’ ‘gt’ provided.

--ppid-not-equals <ppid_not_equals>

Only show Process resources where field ‘Parent PID’ ‘not-equals’ provided.

--ppid-equals <ppid_equals>

Only show Process resources where field ‘Parent PID’ ‘equals’ provided.

--ppuid-ends-with <ppuid_ends_with>

Only show Process resources where field ‘Parent Process UID’ ‘ends-with’ provided.

--ppuid-starts-with <ppuid_starts_with>

Only show Process resources where field ‘Parent Process UID’ ‘starts-with’ provided.

--ppuid-not-contains <ppuid_not_contains>

Only show Process resources where field ‘Parent Process UID’ ‘not-contains’ provided.

--ppuid-contains <ppuid_contains>

Only show Process resources where field ‘Parent Process UID’ ‘contains’ provided.

--ppuid-not-equals <ppuid_not_equals>

Only show Process resources where field ‘Parent Process UID’ ‘not-equals’ provided.

--ppuid-equals <ppuid_equals>

Only show Process resources where field ‘Parent Process UID’ ‘equals’ provided.

--red-flag-count-lt <red_flag_count_lt>

Only show Process resources where field ‘Red Flag Count’ ‘lt’ provided.

--red-flag-count-gte <red_flag_count_gte>

Only show Process resources where field ‘Red Flag Count’ ‘gte’ provided.

--red-flag-count-gt <red_flag_count_gt>

Only show Process resources where field ‘Red Flag Count’ ‘gt’ provided.

--red-flag-count-not-equals <red_flag_count_not_equals>

Only show Process resources where field ‘Red Flag Count’ ‘not-equals’ provided.

--red-flag-count-equals <red_flag_count_equals>

Only show Process resources where field ‘Red Flag Count’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Process resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Process resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Process resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Process resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Process resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Process resources where field ‘Schema’ ‘equals’ provided.

--status-ends-with <status_ends_with>

Only show Process resources where field ‘Status’ ‘ends-with’ provided.

--status-starts-with <status_starts_with>

Only show Process resources where field ‘Status’ ‘starts-with’ provided.

--status-not-contains <status_not_contains>

Only show Process resources where field ‘Status’ ‘not-contains’ provided.

--status-contains <status_contains>

Only show Process resources where field ‘Status’ ‘contains’ provided.

--status-not-equals <status_not_equals>

Only show Process resources where field ‘Status’ ‘not-equals’ provided.

--status-equals <status_equals>

Only show Process resources where field ‘Status’ ‘equals’ provided.

--is-thread <is_thread>

Only show Process resources where field ‘Thread’ matches the provided boolean value.

--traces-all-items-not-contains <traces_all_items_not_contains>

Only show Process resources where field ‘Traces’ ‘all-items-not-contains’ provided.

--traces-all-items-not-equals <traces_all_items_not_equals>

Only show Process resources where field ‘Traces’ ‘all-items-not-equals’ provided.

--traces-any-item-contains <traces_any_item_contains>

Only show Process resources where field ‘Traces’ ‘any-item-contains’ provided.

--traces-any-item-equals <traces_any_item_equals>

Only show Process resources where field ‘Traces’ ‘any-item-equals’ provided.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

redflags

Get redflags by name or id.

spyctl get redflags [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--ancestors-all-items-not-contains <ancestors_all_items_not_contains>

Only show Redflag resources where field ‘Ancestors’ ‘all-items-not-contains’ provided.

--ancestors-all-items-not-equals <ancestors_all_items_not_equals>

Only show Redflag resources where field ‘Ancestors’ ‘all-items-not-equals’ provided.

--ancestors-any-item-contains <ancestors_any_item_contains>

Only show Redflag resources where field ‘Ancestors’ ‘any-item-contains’ provided.

--ancestors-any-item-equals <ancestors_any_item_equals>

Only show Redflag resources where field ‘Ancestors’ ‘any-item-equals’ provided.

--args-all-items-not-contains <args_all_items_not_contains>

Only show Redflag resources where field ‘Arguments’ ‘all-items-not-contains’ provided.

--args-all-items-not-equals <args_all_items_not_equals>

Only show Redflag resources where field ‘Arguments’ ‘all-items-not-equals’ provided.

--args-any-item-contains <args_any_item_contains>

Only show Redflag resources where field ‘Arguments’ ‘any-item-contains’ provided.

--args-any-item-equals <args_any_item_equals>

Only show Redflag resources where field ‘Arguments’ ‘any-item-equals’ provided.

--auser-ends-with <auser_ends_with>

Only show Redflag resources where field ‘Authenticated User Name’ ‘ends-with’ provided.

--auser-starts-with <auser_starts_with>

Only show Redflag resources where field ‘Authenticated User Name’ ‘starts-with’ provided.

--auser-not-contains <auser_not_contains>

Only show Redflag resources where field ‘Authenticated User Name’ ‘not-contains’ provided.

--auser-contains <auser_contains>

Only show Redflag resources where field ‘Authenticated User Name’ ‘contains’ provided.

--auser-not-equals <auser_not_equals>

Only show Redflag resources where field ‘Authenticated User Name’ ‘not-equals’ provided.

--auser-equals <auser_equals>

Only show Redflag resources where field ‘Authenticated User Name’ ‘equals’ provided.

--cluster-name-ends-with <cluster_name_ends_with>

Only show Redflag resources where field ‘Cluster Name’ ‘ends-with’ provided.

--cluster-name-starts-with <cluster_name_starts_with>

Only show Redflag resources where field ‘Cluster Name’ ‘starts-with’ provided.

--cluster-name-not-contains <cluster_name_not_contains>

Only show Redflag resources where field ‘Cluster Name’ ‘not-contains’ provided.

--cluster-name-contains <cluster_name_contains>

Only show Redflag resources where field ‘Cluster Name’ ‘contains’ provided.

--cluster-name-not-equals <cluster_name_not_equals>

Only show Redflag resources where field ‘Cluster Name’ ‘not-equals’ provided.

--cluster-name-equals <cluster_name_equals>

Only show Redflag resources where field ‘Cluster Name’ ‘equals’ provided.

--cluster-uid-ends-with <cluster_uid_ends_with>

Only show Redflag resources where field ‘Cluster UID’ ‘ends-with’ provided.

--cluster-uid-starts-with <cluster_uid_starts_with>

Only show Redflag resources where field ‘Cluster UID’ ‘starts-with’ provided.

--cluster-uid-not-contains <cluster_uid_not_contains>

Only show Redflag resources where field ‘Cluster UID’ ‘not-contains’ provided.

--cluster-uid-contains <cluster_uid_contains>

Only show Redflag resources where field ‘Cluster UID’ ‘contains’ provided.

--cluster-uid-not-equals <cluster_uid_not_equals>

Only show Redflag resources where field ‘Cluster UID’ ‘not-equals’ provided.

--cluster-uid-equals <cluster_uid_equals>

Only show Redflag resources where field ‘Cluster UID’ ‘equals’ provided.

--container-uid-ends-with <container_uid_ends_with>

Only show Redflag resources where field ‘Container UID’ ‘ends-with’ provided.

--container-uid-starts-with <container_uid_starts_with>

Only show Redflag resources where field ‘Container UID’ ‘starts-with’ provided.

--container-uid-not-contains <container_uid_not_contains>

Only show Redflag resources where field ‘Container UID’ ‘not-contains’ provided.

--container-uid-contains <container_uid_contains>

Only show Redflag resources where field ‘Container UID’ ‘contains’ provided.

--container-uid-not-equals <container_uid_not_equals>

Only show Redflag resources where field ‘Container UID’ ‘not-equals’ provided.

--container-uid-equals <container_uid_equals>

Only show Redflag resources where field ‘Container UID’ ‘equals’ provided.

--custom-flag-name-ends-with <custom_flag_name_ends_with>

Only show Redflag resources where field ‘Custom Flag Name’ ‘ends-with’ provided.

--custom-flag-name-starts-with <custom_flag_name_starts_with>

Only show Redflag resources where field ‘Custom Flag Name’ ‘starts-with’ provided.

--custom-flag-name-not-contains <custom_flag_name_not_contains>

Only show Redflag resources where field ‘Custom Flag Name’ ‘not-contains’ provided.

--custom-flag-name-contains <custom_flag_name_contains>

Only show Redflag resources where field ‘Custom Flag Name’ ‘contains’ provided.

--custom-flag-name-not-equals <custom_flag_name_not_equals>

Only show Redflag resources where field ‘Custom Flag Name’ ‘not-equals’ provided.

--custom-flag-name-equals <custom_flag_name_equals>

Only show Redflag resources where field ‘Custom Flag Name’ ‘equals’ provided.

--custom-flag-uid-ends-with <custom_flag_uid_ends_with>

Only show Redflag resources where field ‘Custom Flag UID’ ‘ends-with’ provided.

--custom-flag-uid-starts-with <custom_flag_uid_starts_with>

Only show Redflag resources where field ‘Custom Flag UID’ ‘starts-with’ provided.

--custom-flag-uid-not-contains <custom_flag_uid_not_contains>

Only show Redflag resources where field ‘Custom Flag UID’ ‘not-contains’ provided.

--custom-flag-uid-contains <custom_flag_uid_contains>

Only show Redflag resources where field ‘Custom Flag UID’ ‘contains’ provided.

--custom-flag-uid-not-equals <custom_flag_uid_not_equals>

Only show Redflag resources where field ‘Custom Flag UID’ ‘not-equals’ provided.

--custom-flag-uid-equals <custom_flag_uid_equals>

Only show Redflag resources where field ‘Custom Flag UID’ ‘equals’ provided.

--cves-all-items-not-contains <cves_all_items_not_contains>

Only show Redflag resources where field ‘CVE’ ‘all-items-not-contains’ provided.

--cves-all-items-not-equals <cves_all_items_not_equals>

Only show Redflag resources where field ‘CVE’ ‘all-items-not-equals’ provided.

--cves-any-item-contains <cves_any_item_contains>

Only show Redflag resources where field ‘CVE’ ‘any-item-contains’ provided.

--cves-any-item-equals <cves_any_item_equals>

Only show Redflag resources where field ‘CVE’ ‘any-item-equals’ provided.

--description-ends-with <description_ends_with>

Only show Redflag resources where field ‘Description’ ‘ends-with’ provided.

--description-starts-with <description_starts_with>

Only show Redflag resources where field ‘Description’ ‘starts-with’ provided.

--description-not-contains <description_not_contains>

Only show Redflag resources where field ‘Description’ ‘not-contains’ provided.

--description-contains <description_contains>

Only show Redflag resources where field ‘Description’ ‘contains’ provided.

--description-not-equals <description_not_equals>

Only show Redflag resources where field ‘Description’ ‘not-equals’ provided.

--description-equals <description_equals>

Only show Redflag resources where field ‘Description’ ‘equals’ provided.

--euser-ends-with <euser_ends_with>

Only show Redflag resources where field ‘Effective User Name’ ‘ends-with’ provided.

--euser-starts-with <euser_starts_with>

Only show Redflag resources where field ‘Effective User Name’ ‘starts-with’ provided.

--euser-not-contains <euser_not_contains>

Only show Redflag resources where field ‘Effective User Name’ ‘not-contains’ provided.

--euser-contains <euser_contains>

Only show Redflag resources where field ‘Effective User Name’ ‘contains’ provided.

--euser-not-equals <euser_not_equals>

Only show Redflag resources where field ‘Effective User Name’ ‘not-equals’ provided.

--euser-equals <euser_equals>

Only show Redflag resources where field ‘Effective User Name’ ‘equals’ provided.

--is-false-positive <is_false_positive>

Only show Redflag resources where field ‘Is Exception’ matches the provided boolean value.

--flag-class-ends-with <flag_class_ends_with>

Only show Redflag resources where field ‘Class’ ‘ends-with’ provided.

--flag-class-starts-with <flag_class_starts_with>

Only show Redflag resources where field ‘Class’ ‘starts-with’ provided.

--flag-class-not-contains <flag_class_not_contains>

Only show Redflag resources where field ‘Class’ ‘not-contains’ provided.

--flag-class-contains <flag_class_contains>

Only show Redflag resources where field ‘Class’ ‘contains’ provided.

--flag-class-not-equals <flag_class_not_equals>

Only show Redflag resources where field ‘Class’ ‘not-equals’ provided.

--flag-class-equals <flag_class_equals>

Only show Redflag resources where field ‘Class’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Redflag resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Redflag resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Redflag resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Redflag resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Redflag resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Redflag resources where field ‘UID’ ‘equals’ provided.

--impact-ends-with <impact_ends_with>

Only show Redflag resources where field ‘Impact’ ‘ends-with’ provided.

--impact-starts-with <impact_starts_with>

Only show Redflag resources where field ‘Impact’ ‘starts-with’ provided.

--impact-not-contains <impact_not_contains>

Only show Redflag resources where field ‘Impact’ ‘not-contains’ provided.

--impact-contains <impact_contains>

Only show Redflag resources where field ‘Impact’ ‘contains’ provided.

--impact-not-equals <impact_not_equals>

Only show Redflag resources where field ‘Impact’ ‘not-equals’ provided.

--impact-equals <impact_equals>

Only show Redflag resources where field ‘Impact’ ‘equals’ provided.

--local-ip-not-in-subnet <local_ip_not_in_subnet>

Only show Redflag resources where field ‘Local IP’ ‘not-in-subnet’ provided.

--local-ip-in-subnet <local_ip_in_subnet>

Only show Redflag resources where field ‘Local IP’ ‘in-subnet’ provided.

--local-ip-not-equals <local_ip_not_equals>

Only show Redflag resources where field ‘Local IP’ ‘not-equals’ provided.

--local-ip-equals <local_ip_equals>

Only show Redflag resources where field ‘Local IP’ ‘equals’ provided.

--local-port-lt <local_port_lt>

Only show Redflag resources where field ‘Local port’ ‘lt’ provided.

--local-port-gte <local_port_gte>

Only show Redflag resources where field ‘Local port’ ‘gte’ provided.

--local-port-gt <local_port_gt>

Only show Redflag resources where field ‘Local port’ ‘gt’ provided.

--local-port-not-equals <local_port_not_equals>

Only show Redflag resources where field ‘Local port’ ‘not-equals’ provided.

--local-port-equals <local_port_equals>

Only show Redflag resources where field ‘Local port’ ‘equals’ provided.

--mitre-code-all-items-not-contains <mitre_code_all_items_not_contains>

Only show Redflag resources where field ‘MITRE Code’ ‘all-items-not-contains’ provided.

--mitre-code-all-items-not-equals <mitre_code_all_items_not_equals>

Only show Redflag resources where field ‘MITRE Code’ ‘all-items-not-equals’ provided.

--mitre-code-any-item-contains <mitre_code_any_item_contains>

Only show Redflag resources where field ‘MITRE Code’ ‘any-item-contains’ provided.

--mitre-code-any-item-equals <mitre_code_any_item_equals>

Only show Redflag resources where field ‘MITRE Code’ ‘any-item-equals’ provided.

--muid-ends-with <muid_ends_with>

Only show Redflag resources where field ‘Machine UIDs’ ‘ends-with’ provided.

--muid-starts-with <muid_starts_with>

Only show Redflag resources where field ‘Machine UIDs’ ‘starts-with’ provided.

--muid-not-contains <muid_not_contains>

Only show Redflag resources where field ‘Machine UIDs’ ‘not-contains’ provided.

--muid-contains <muid_contains>

Only show Redflag resources where field ‘Machine UIDs’ ‘contains’ provided.

--muid-not-equals <muid_not_equals>

Only show Redflag resources where field ‘Machine UIDs’ ‘not-equals’ provided.

--muid-equals <muid_equals>

Only show Redflag resources where field ‘Machine UIDs’ ‘equals’ provided.

--name-ends-with <name_ends_with>

Only show Redflag resources where field ‘Process Name’ ‘ends-with’ provided.

--name-starts-with <name_starts_with>

Only show Redflag resources where field ‘Process Name’ ‘starts-with’ provided.

--name-not-contains <name_not_contains>

Only show Redflag resources where field ‘Process Name’ ‘not-contains’ provided.

--name-contains <name_contains>

Only show Redflag resources where field ‘Process Name’ ‘contains’ provided.

--name-not-equals <name_not_equals>

Only show Redflag resources where field ‘Process Name’ ‘not-equals’ provided.

--name-equals <name_equals>

Only show Redflag resources where field ‘Process Name’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Redflag resources where field ‘original_schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Redflag resources where field ‘original_schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Redflag resources where field ‘original_schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Redflag resources where field ‘original_schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Redflag resources where field ‘original_schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Redflag resources where field ‘original_schema’ ‘equals’ provided.

--pod-namespace-ends-with <pod_namespace_ends_with>

Only show Redflag resources where field ‘Pod Namespace’ ‘ends-with’ provided.

--pod-namespace-starts-with <pod_namespace_starts_with>

Only show Redflag resources where field ‘Pod Namespace’ ‘starts-with’ provided.

--pod-namespace-not-contains <pod_namespace_not_contains>

Only show Redflag resources where field ‘Pod Namespace’ ‘not-contains’ provided.

--pod-namespace-contains <pod_namespace_contains>

Only show Redflag resources where field ‘Pod Namespace’ ‘contains’ provided.

--pod-namespace-not-equals <pod_namespace_not_equals>

Only show Redflag resources where field ‘Pod Namespace’ ‘not-equals’ provided.

--pod-namespace-equals <pod_namespace_equals>

Only show Redflag resources where field ‘Pod Namespace’ ‘equals’ provided.

--pod-uid-ends-with <pod_uid_ends_with>

Only show Redflag resources where field ‘Pod UID’ ‘ends-with’ provided.

--pod-uid-starts-with <pod_uid_starts_with>

Only show Redflag resources where field ‘Pod UID’ ‘starts-with’ provided.

--pod-uid-not-contains <pod_uid_not_contains>

Only show Redflag resources where field ‘Pod UID’ ‘not-contains’ provided.

--pod-uid-contains <pod_uid_contains>

Only show Redflag resources where field ‘Pod UID’ ‘contains’ provided.

--pod-uid-not-equals <pod_uid_not_equals>

Only show Redflag resources where field ‘Pod UID’ ‘not-equals’ provided.

--pod-uid-equals <pod_uid_equals>

Only show Redflag resources where field ‘Pod UID’ ‘equals’ provided.

--policy-name-ends-with <policy_name_ends_with>

Only show Redflag resources where field ‘Policy Name’ ‘ends-with’ provided.

--policy-name-starts-with <policy_name_starts_with>

Only show Redflag resources where field ‘Policy Name’ ‘starts-with’ provided.

--policy-name-not-contains <policy_name_not_contains>

Only show Redflag resources where field ‘Policy Name’ ‘not-contains’ provided.

--policy-name-contains <policy_name_contains>

Only show Redflag resources where field ‘Policy Name’ ‘contains’ provided.

--policy-name-not-equals <policy_name_not_equals>

Only show Redflag resources where field ‘Policy Name’ ‘not-equals’ provided.

--policy-name-equals <policy_name_equals>

Only show Redflag resources where field ‘Policy Name’ ‘equals’ provided.

--policy-uid-ends-with <policy_uid_ends_with>

Only show Redflag resources where field ‘Policy UID’ ‘ends-with’ provided.

--policy-uid-starts-with <policy_uid_starts_with>

Only show Redflag resources where field ‘Policy UID’ ‘starts-with’ provided.

--policy-uid-not-contains <policy_uid_not_contains>

Only show Redflag resources where field ‘Policy UID’ ‘not-contains’ provided.

--policy-uid-contains <policy_uid_contains>

Only show Redflag resources where field ‘Policy UID’ ‘contains’ provided.

--policy-uid-not-equals <policy_uid_not_equals>

Only show Redflag resources where field ‘Policy UID’ ‘not-equals’ provided.

--policy-uid-equals <policy_uid_equals>

Only show Redflag resources where field ‘Policy UID’ ‘equals’ provided.

--ref-ends-with <ref_ends_with>

Only show Redflag resources where field ‘Reference Object UIDs’ ‘ends-with’ provided.

--ref-starts-with <ref_starts_with>

Only show Redflag resources where field ‘Reference Object UIDs’ ‘starts-with’ provided.

--ref-not-contains <ref_not_contains>

Only show Redflag resources where field ‘Reference Object UIDs’ ‘not-contains’ provided.

--ref-contains <ref_contains>

Only show Redflag resources where field ‘Reference Object UIDs’ ‘contains’ provided.

--ref-not-equals <ref_not_equals>

Only show Redflag resources where field ‘Reference Object UIDs’ ‘not-equals’ provided.

--ref-equals <ref_equals>

Only show Redflag resources where field ‘Reference Object UIDs’ ‘equals’ provided.

--remote-ip-not-in-subnet <remote_ip_not_in_subnet>

Only show Redflag resources where field ‘Remote IP’ ‘not-in-subnet’ provided.

--remote-ip-in-subnet <remote_ip_in_subnet>

Only show Redflag resources where field ‘Remote IP’ ‘in-subnet’ provided.

--remote-ip-not-equals <remote_ip_not_equals>

Only show Redflag resources where field ‘Remote IP’ ‘not-equals’ provided.

--remote-ip-equals <remote_ip_equals>

Only show Redflag resources where field ‘Remote IP’ ‘equals’ provided.

--remote-port-lt <remote_port_lt>

Only show Redflag resources where field ‘Remote Port’ ‘lt’ provided.

--remote-port-gte <remote_port_gte>

Only show Redflag resources where field ‘Remote Port’ ‘gte’ provided.

--remote-port-gt <remote_port_gt>

Only show Redflag resources where field ‘Remote Port’ ‘gt’ provided.

--remote-port-not-equals <remote_port_not_equals>

Only show Redflag resources where field ‘Remote Port’ ‘not-equals’ provided.

--remote-port-equals <remote_port_equals>

Only show Redflag resources where field ‘Remote Port’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Redflag resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Redflag resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Redflag resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Redflag resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Redflag resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Redflag resources where field ‘Schema’ ‘equals’ provided.

--severity-ends-with <severity_ends_with>

Only show Redflag resources where field ‘Severity’ ‘ends-with’ provided.

--severity-starts-with <severity_starts_with>

Only show Redflag resources where field ‘Severity’ ‘starts-with’ provided.

--severity-not-contains <severity_not_contains>

Only show Redflag resources where field ‘Severity’ ‘not-contains’ provided.

--severity-contains <severity_contains>

Only show Redflag resources where field ‘Severity’ ‘contains’ provided.

--severity-not-equals <severity_not_equals>

Only show Redflag resources where field ‘Severity’ ‘not-equals’ provided.

--severity-equals <severity_equals>

Only show Redflag resources where field ‘Severity’ ‘equals’ provided.

--short-name-ends-with <short_name_ends_with>

Only show Redflag resources where field ‘Short Name’ ‘ends-with’ provided.

--short-name-starts-with <short_name_starts_with>

Only show Redflag resources where field ‘Short Name’ ‘starts-with’ provided.

--short-name-not-contains <short_name_not_contains>

Only show Redflag resources where field ‘Short Name’ ‘not-contains’ provided.

--short-name-contains <short_name_contains>

Only show Redflag resources where field ‘Short Name’ ‘contains’ provided.

--short-name-not-equals <short_name_not_equals>

Only show Redflag resources where field ‘Short Name’ ‘not-equals’ provided.

--short-name-equals <short_name_equals>

Only show Redflag resources where field ‘Short Name’ ‘equals’ provided.

--traces-all-items-not-contains <traces_all_items_not_contains>

Only show Redflag resources where field ‘Spydertrace UIDs’ ‘all-items-not-contains’ provided.

--traces-all-items-not-equals <traces_all_items_not_equals>

Only show Redflag resources where field ‘Spydertrace UIDs’ ‘all-items-not-equals’ provided.

--traces-any-item-contains <traces_any_item_contains>

Only show Redflag resources where field ‘Spydertrace UIDs’ ‘any-item-contains’ provided.

--traces-any-item-equals <traces_any_item_equals>

Only show Redflag resources where field ‘Spydertrace UIDs’ ‘any-item-equals’ provided.

--uptime-lt <uptime_lt>

Only show Redflag resources where field ‘Uptime’ ‘lt’ provided.

--uptime-gte <uptime_gte>

Only show Redflag resources where field ‘Uptime’ ‘gte’ provided.

--uptime-gt <uptime_gt>

Only show Redflag resources where field ‘Uptime’ ‘gt’ provided.

--uptime-not-equals <uptime_not_equals>

Only show Redflag resources where field ‘Uptime’ ‘not-equals’ provided.

--uptime-equals <uptime_equals>

Only show Redflag resources where field ‘Uptime’ ‘equals’ provided.

--include-exceptions

Include redflags marked as exceptions in output. Off by default.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

replicasets

Get replicasets by name or id.

spyctl get replicasets [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--cluster-name-ends-with <cluster_name_ends_with>

Only show Replicaset resources where field ‘Cluster Name’ ‘ends-with’ provided.

--cluster-name-starts-with <cluster_name_starts_with>

Only show Replicaset resources where field ‘Cluster Name’ ‘starts-with’ provided.

--cluster-name-not-contains <cluster_name_not_contains>

Only show Replicaset resources where field ‘Cluster Name’ ‘not-contains’ provided.

--cluster-name-contains <cluster_name_contains>

Only show Replicaset resources where field ‘Cluster Name’ ‘contains’ provided.

--cluster-name-not-equals <cluster_name_not_equals>

Only show Replicaset resources where field ‘Cluster Name’ ‘not-equals’ provided.

--cluster-name-equals <cluster_name_equals>

Only show Replicaset resources where field ‘Cluster Name’ ‘equals’ provided.

--cluster-uid-ends-with <cluster_uid_ends_with>

Only show Replicaset resources where field ‘Cluster UID’ ‘ends-with’ provided.

--cluster-uid-starts-with <cluster_uid_starts_with>

Only show Replicaset resources where field ‘Cluster UID’ ‘starts-with’ provided.

--cluster-uid-not-contains <cluster_uid_not_contains>

Only show Replicaset resources where field ‘Cluster UID’ ‘not-contains’ provided.

--cluster-uid-contains <cluster_uid_contains>

Only show Replicaset resources where field ‘Cluster UID’ ‘contains’ provided.

--cluster-uid-not-equals <cluster_uid_not_equals>

Only show Replicaset resources where field ‘Cluster UID’ ‘not-equals’ provided.

--cluster-uid-equals <cluster_uid_equals>

Only show Replicaset resources where field ‘Cluster UID’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Replicaset resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Replicaset resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Replicaset resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Replicaset resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Replicaset resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Replicaset resources where field ‘UID’ ‘equals’ provided.

--kind-ends-with <kind_ends_with>

Only show Replicaset resources where field ‘Kind’ ‘ends-with’ provided.

--kind-starts-with <kind_starts_with>

Only show Replicaset resources where field ‘Kind’ ‘starts-with’ provided.

--kind-not-contains <kind_not_contains>

Only show Replicaset resources where field ‘Kind’ ‘not-contains’ provided.

--kind-contains <kind_contains>

Only show Replicaset resources where field ‘Kind’ ‘contains’ provided.

--kind-not-equals <kind_not_equals>

Only show Replicaset resources where field ‘Kind’ ‘not-equals’ provided.

--kind-equals <kind_equals>

Only show Replicaset resources where field ‘Kind’ ‘equals’ provided.

--metadata_labels-any-value-contains <metadata_labels_any_value_contains>

Only show Replicaset resources where field ‘Labels’ ‘any-value-contains’ provided.

--metadata_labels-any-value-equals <metadata_labels_any_value_equals>

Only show Replicaset resources where field ‘Labels’ ‘any-value-equals’ provided.

--metadata_labels-any-key-contains <metadata_labels_any_key_contains>

Only show Replicaset resources where field ‘Labels’ ‘any-key-contains’ provided.

--metadata_labels-any-key-equals <metadata_labels_any_key_equals>

Only show Replicaset resources where field ‘Labels’ ‘any-key-equals’ provided.

--metadata_name-ends-with <metadata_name_ends_with>

Only show Replicaset resources where field ‘Name’ ‘ends-with’ provided.

--metadata_name-starts-with <metadata_name_starts_with>

Only show Replicaset resources where field ‘Name’ ‘starts-with’ provided.

--metadata_name-not-contains <metadata_name_not_contains>

Only show Replicaset resources where field ‘Name’ ‘not-contains’ provided.

--metadata_name-contains <metadata_name_contains>

Only show Replicaset resources where field ‘Name’ ‘contains’ provided.

--metadata_name-not-equals <metadata_name_not_equals>

Only show Replicaset resources where field ‘Name’ ‘not-equals’ provided.

--metadata_name-equals <metadata_name_equals>

Only show Replicaset resources where field ‘Name’ ‘equals’ provided.

--metadata_namespace-ends-with <metadata_namespace_ends_with>

Only show Replicaset resources where field ‘Namespace’ ‘ends-with’ provided.

--metadata_namespace-starts-with <metadata_namespace_starts_with>

Only show Replicaset resources where field ‘Namespace’ ‘starts-with’ provided.

--metadata_namespace-not-contains <metadata_namespace_not_contains>

Only show Replicaset resources where field ‘Namespace’ ‘not-contains’ provided.

--metadata_namespace-contains <metadata_namespace_contains>

Only show Replicaset resources where field ‘Namespace’ ‘contains’ provided.

--metadata_namespace-not-equals <metadata_namespace_not_equals>

Only show Replicaset resources where field ‘Namespace’ ‘not-equals’ provided.

--metadata_namespace-equals <metadata_namespace_equals>

Only show Replicaset resources where field ‘Namespace’ ‘equals’ provided.

--metadata_uid-ends-with <metadata_uid_ends_with>

Only show Replicaset resources where field ‘Kubernetes UID’ ‘ends-with’ provided.

--metadata_uid-starts-with <metadata_uid_starts_with>

Only show Replicaset resources where field ‘Kubernetes UID’ ‘starts-with’ provided.

--metadata_uid-not-contains <metadata_uid_not_contains>

Only show Replicaset resources where field ‘Kubernetes UID’ ‘not-contains’ provided.

--metadata_uid-contains <metadata_uid_contains>

Only show Replicaset resources where field ‘Kubernetes UID’ ‘contains’ provided.

--metadata_uid-not-equals <metadata_uid_not_equals>

Only show Replicaset resources where field ‘Kubernetes UID’ ‘not-equals’ provided.

--metadata_uid-equals <metadata_uid_equals>

Only show Replicaset resources where field ‘Kubernetes UID’ ‘equals’ provided.

--ops-flag-count-lt <ops_flag_count_lt>

Only show Replicaset resources where field ‘Ops Flag Count’ ‘lt’ provided.

--ops-flag-count-gte <ops_flag_count_gte>

Only show Replicaset resources where field ‘Ops Flag Count’ ‘gte’ provided.

--ops-flag-count-gt <ops_flag_count_gt>

Only show Replicaset resources where field ‘Ops Flag Count’ ‘gt’ provided.

--ops-flag-count-not-equals <ops_flag_count_not_equals>

Only show Replicaset resources where field ‘Ops Flag Count’ ‘not-equals’ provided.

--ops-flag-count-equals <ops_flag_count_equals>

Only show Replicaset resources where field ‘Ops Flag Count’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Replicaset resources where field ‘original_schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Replicaset resources where field ‘original_schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Replicaset resources where field ‘original_schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Replicaset resources where field ‘original_schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Replicaset resources where field ‘original_schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Replicaset resources where field ‘original_schema’ ‘equals’ provided.

--owner-name-ends-with <owner_name_ends_with>

Only show Replicaset resources where field ‘Owner name’ ‘ends-with’ provided.

--owner-name-starts-with <owner_name_starts_with>

Only show Replicaset resources where field ‘Owner name’ ‘starts-with’ provided.

--owner-name-not-contains <owner_name_not_contains>

Only show Replicaset resources where field ‘Owner name’ ‘not-contains’ provided.

--owner-name-contains <owner_name_contains>

Only show Replicaset resources where field ‘Owner name’ ‘contains’ provided.

--owner-name-not-equals <owner_name_not_equals>

Only show Replicaset resources where field ‘Owner name’ ‘not-equals’ provided.

--owner-name-equals <owner_name_equals>

Only show Replicaset resources where field ‘Owner name’ ‘equals’ provided.

--owner-uid-ends-with <owner_uid_ends_with>

Only show Replicaset resources where field ‘Owner UID’ ‘ends-with’ provided.

--owner-uid-starts-with <owner_uid_starts_with>

Only show Replicaset resources where field ‘Owner UID’ ‘starts-with’ provided.

--owner-uid-not-contains <owner_uid_not_contains>

Only show Replicaset resources where field ‘Owner UID’ ‘not-contains’ provided.

--owner-uid-contains <owner_uid_contains>

Only show Replicaset resources where field ‘Owner UID’ ‘contains’ provided.

--owner-uid-not-equals <owner_uid_not_equals>

Only show Replicaset resources where field ‘Owner UID’ ‘not-equals’ provided.

--owner-uid-equals <owner_uid_equals>

Only show Replicaset resources where field ‘Owner UID’ ‘equals’ provided.

--red-flag-count-lt <red_flag_count_lt>

Only show Replicaset resources where field ‘Red Flag Count’ ‘lt’ provided.

--red-flag-count-gte <red_flag_count_gte>

Only show Replicaset resources where field ‘Red Flag Count’ ‘gte’ provided.

--red-flag-count-gt <red_flag_count_gt>

Only show Replicaset resources where field ‘Red Flag Count’ ‘gt’ provided.

--red-flag-count-not-equals <red_flag_count_not_equals>

Only show Replicaset resources where field ‘Red Flag Count’ ‘not-equals’ provided.

--red-flag-count-equals <red_flag_count_equals>

Only show Replicaset resources where field ‘Red Flag Count’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Replicaset resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Replicaset resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Replicaset resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Replicaset resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Replicaset resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Replicaset resources where field ‘Schema’ ‘equals’ provided.

--spec_replicas-lt <spec_replicas_lt>

Only show Replicaset resources where field ‘Replicas’ ‘lt’ provided.

--spec_replicas-gte <spec_replicas_gte>

Only show Replicaset resources where field ‘Replicas’ ‘gte’ provided.

--spec_replicas-gt <spec_replicas_gt>

Only show Replicaset resources where field ‘Replicas’ ‘gt’ provided.

--spec_replicas-not-equals <spec_replicas_not_equals>

Only show Replicaset resources where field ‘Replicas’ ‘not-equals’ provided.

--spec_replicas-equals <spec_replicas_equals>

Only show Replicaset resources where field ‘Replicas’ ‘equals’ provided.

--status-ends-with <status_ends_with>

Only show Replicaset resources where field ‘Status’ ‘ends-with’ provided.

--status-starts-with <status_starts_with>

Only show Replicaset resources where field ‘Status’ ‘starts-with’ provided.

--status-not-contains <status_not_contains>

Only show Replicaset resources where field ‘Status’ ‘not-contains’ provided.

--status-contains <status_contains>

Only show Replicaset resources where field ‘Status’ ‘contains’ provided.

--status-not-equals <status_not_equals>

Only show Replicaset resources where field ‘Status’ ‘not-equals’ provided.

--status-equals <status_equals>

Only show Replicaset resources where field ‘Status’ ‘equals’ provided.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

rolebindings

Get rolebindings by name or id.

spyctl get rolebindings [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--cluster-name-ends-with <cluster_name_ends_with>

Only show Role Binding resources where field ‘Cluster Name’ ‘ends-with’ provided.

--cluster-name-starts-with <cluster_name_starts_with>

Only show Role Binding resources where field ‘Cluster Name’ ‘starts-with’ provided.

--cluster-name-not-contains <cluster_name_not_contains>

Only show Role Binding resources where field ‘Cluster Name’ ‘not-contains’ provided.

--cluster-name-contains <cluster_name_contains>

Only show Role Binding resources where field ‘Cluster Name’ ‘contains’ provided.

--cluster-name-not-equals <cluster_name_not_equals>

Only show Role Binding resources where field ‘Cluster Name’ ‘not-equals’ provided.

--cluster-name-equals <cluster_name_equals>

Only show Role Binding resources where field ‘Cluster Name’ ‘equals’ provided.

--cluster-uid-ends-with <cluster_uid_ends_with>

Only show Role Binding resources where field ‘Cluster UID’ ‘ends-with’ provided.

--cluster-uid-starts-with <cluster_uid_starts_with>

Only show Role Binding resources where field ‘Cluster UID’ ‘starts-with’ provided.

--cluster-uid-not-contains <cluster_uid_not_contains>

Only show Role Binding resources where field ‘Cluster UID’ ‘not-contains’ provided.

--cluster-uid-contains <cluster_uid_contains>

Only show Role Binding resources where field ‘Cluster UID’ ‘contains’ provided.

--cluster-uid-not-equals <cluster_uid_not_equals>

Only show Role Binding resources where field ‘Cluster UID’ ‘not-equals’ provided.

--cluster-uid-equals <cluster_uid_equals>

Only show Role Binding resources where field ‘Cluster UID’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Role Binding resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Role Binding resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Role Binding resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Role Binding resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Role Binding resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Role Binding resources where field ‘UID’ ‘equals’ provided.

--kind-ends-with <kind_ends_with>

Only show Role Binding resources where field ‘Kind’ ‘ends-with’ provided.

--kind-starts-with <kind_starts_with>

Only show Role Binding resources where field ‘Kind’ ‘starts-with’ provided.

--kind-not-contains <kind_not_contains>

Only show Role Binding resources where field ‘Kind’ ‘not-contains’ provided.

--kind-contains <kind_contains>

Only show Role Binding resources where field ‘Kind’ ‘contains’ provided.

--kind-not-equals <kind_not_equals>

Only show Role Binding resources where field ‘Kind’ ‘not-equals’ provided.

--kind-equals <kind_equals>

Only show Role Binding resources where field ‘Kind’ ‘equals’ provided.

--metadata_labels-any-value-contains <metadata_labels_any_value_contains>

Only show Role Binding resources where field ‘Labels’ ‘any-value-contains’ provided.

--metadata_labels-any-value-equals <metadata_labels_any_value_equals>

Only show Role Binding resources where field ‘Labels’ ‘any-value-equals’ provided.

--metadata_labels-any-key-contains <metadata_labels_any_key_contains>

Only show Role Binding resources where field ‘Labels’ ‘any-key-contains’ provided.

--metadata_labels-any-key-equals <metadata_labels_any_key_equals>

Only show Role Binding resources where field ‘Labels’ ‘any-key-equals’ provided.

--metadata_name-ends-with <metadata_name_ends_with>

Only show Role Binding resources where field ‘Name’ ‘ends-with’ provided.

--metadata_name-starts-with <metadata_name_starts_with>

Only show Role Binding resources where field ‘Name’ ‘starts-with’ provided.

--metadata_name-not-contains <metadata_name_not_contains>

Only show Role Binding resources where field ‘Name’ ‘not-contains’ provided.

--metadata_name-contains <metadata_name_contains>

Only show Role Binding resources where field ‘Name’ ‘contains’ provided.

--metadata_name-not-equals <metadata_name_not_equals>

Only show Role Binding resources where field ‘Name’ ‘not-equals’ provided.

--metadata_name-equals <metadata_name_equals>

Only show Role Binding resources where field ‘Name’ ‘equals’ provided.

--metadata_namespace-ends-with <metadata_namespace_ends_with>

Only show Role Binding resources where field ‘Namespace’ ‘ends-with’ provided.

--metadata_namespace-starts-with <metadata_namespace_starts_with>

Only show Role Binding resources where field ‘Namespace’ ‘starts-with’ provided.

--metadata_namespace-not-contains <metadata_namespace_not_contains>

Only show Role Binding resources where field ‘Namespace’ ‘not-contains’ provided.

--metadata_namespace-contains <metadata_namespace_contains>

Only show Role Binding resources where field ‘Namespace’ ‘contains’ provided.

--metadata_namespace-not-equals <metadata_namespace_not_equals>

Only show Role Binding resources where field ‘Namespace’ ‘not-equals’ provided.

--metadata_namespace-equals <metadata_namespace_equals>

Only show Role Binding resources where field ‘Namespace’ ‘equals’ provided.

--metadata_uid-ends-with <metadata_uid_ends_with>

Only show Role Binding resources where field ‘Kubernetes UID’ ‘ends-with’ provided.

--metadata_uid-starts-with <metadata_uid_starts_with>

Only show Role Binding resources where field ‘Kubernetes UID’ ‘starts-with’ provided.

--metadata_uid-not-contains <metadata_uid_not_contains>

Only show Role Binding resources where field ‘Kubernetes UID’ ‘not-contains’ provided.

--metadata_uid-contains <metadata_uid_contains>

Only show Role Binding resources where field ‘Kubernetes UID’ ‘contains’ provided.

--metadata_uid-not-equals <metadata_uid_not_equals>

Only show Role Binding resources where field ‘Kubernetes UID’ ‘not-equals’ provided.

--metadata_uid-equals <metadata_uid_equals>

Only show Role Binding resources where field ‘Kubernetes UID’ ‘equals’ provided.

--ops-flag-count-lt <ops_flag_count_lt>

Only show Role Binding resources where field ‘Ops Flag Count’ ‘lt’ provided.

--ops-flag-count-gte <ops_flag_count_gte>

Only show Role Binding resources where field ‘Ops Flag Count’ ‘gte’ provided.

--ops-flag-count-gt <ops_flag_count_gt>

Only show Role Binding resources where field ‘Ops Flag Count’ ‘gt’ provided.

--ops-flag-count-not-equals <ops_flag_count_not_equals>

Only show Role Binding resources where field ‘Ops Flag Count’ ‘not-equals’ provided.

--ops-flag-count-equals <ops_flag_count_equals>

Only show Role Binding resources where field ‘Ops Flag Count’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Role Binding resources where field ‘Original schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Role Binding resources where field ‘Original schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Role Binding resources where field ‘Original schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Role Binding resources where field ‘Original schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Role Binding resources where field ‘Original schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Role Binding resources where field ‘Original schema’ ‘equals’ provided.

--red-flag-count-lt <red_flag_count_lt>

Only show Role Binding resources where field ‘Red Flag Count’ ‘lt’ provided.

--red-flag-count-gte <red_flag_count_gte>

Only show Role Binding resources where field ‘Red Flag Count’ ‘gte’ provided.

--red-flag-count-gt <red_flag_count_gt>

Only show Role Binding resources where field ‘Red Flag Count’ ‘gt’ provided.

--red-flag-count-not-equals <red_flag_count_not_equals>

Only show Role Binding resources where field ‘Red Flag Count’ ‘not-equals’ provided.

--red-flag-count-equals <red_flag_count_equals>

Only show Role Binding resources where field ‘Red Flag Count’ ‘equals’ provided.

--roleRef_role-uid-ends-with <roleref_role_uid_ends_with>

Only show Role Binding resources where field ‘Role UID’ ‘ends-with’ provided.

--roleRef_role-uid-starts-with <roleref_role_uid_starts_with>

Only show Role Binding resources where field ‘Role UID’ ‘starts-with’ provided.

--roleRef_role-uid-not-contains <roleref_role_uid_not_contains>

Only show Role Binding resources where field ‘Role UID’ ‘not-contains’ provided.

--roleRef_role-uid-contains <roleref_role_uid_contains>

Only show Role Binding resources where field ‘Role UID’ ‘contains’ provided.

--roleRef_role-uid-not-equals <roleref_role_uid_not_equals>

Only show Role Binding resources where field ‘Role UID’ ‘not-equals’ provided.

--roleRef_role-uid-equals <roleref_role_uid_equals>

Only show Role Binding resources where field ‘Role UID’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Role Binding resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Role Binding resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Role Binding resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Role Binding resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Role Binding resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Role Binding resources where field ‘Schema’ ‘equals’ provided.

--status-ends-with <status_ends_with>

Only show Role Binding resources where field ‘Status’ ‘ends-with’ provided.

--status-starts-with <status_starts_with>

Only show Role Binding resources where field ‘Status’ ‘starts-with’ provided.

--status-not-contains <status_not_contains>

Only show Role Binding resources where field ‘Status’ ‘not-contains’ provided.

--status-contains <status_contains>

Only show Role Binding resources where field ‘Status’ ‘contains’ provided.

--status-not-equals <status_not_equals>

Only show Role Binding resources where field ‘Status’ ‘not-equals’ provided.

--status-equals <status_equals>

Only show Role Binding resources where field ‘Status’ ‘equals’ provided.

--subject-uids-all-items-not-contains <subject_uids_all_items_not_contains>

Only show Role Binding resources where field ‘Subjects’ ‘all-items-not-contains’ provided.

--subject-uids-all-items-not-equals <subject_uids_all_items_not_equals>

Only show Role Binding resources where field ‘Subjects’ ‘all-items-not-equals’ provided.

--subject-uids-any-item-contains <subject_uids_any_item_contains>

Only show Role Binding resources where field ‘Subjects’ ‘any-item-contains’ provided.

--subject-uids-any-item-equals <subject_uids_any_item_equals>

Only show Role Binding resources where field ‘Subjects’ ‘any-item-equals’ provided.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

roles

Get roles by name or id.

spyctl get roles [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--cluster-name-ends-with <cluster_name_ends_with>

Only show Role resources where field ‘Cluster Name’ ‘ends-with’ provided.

--cluster-name-starts-with <cluster_name_starts_with>

Only show Role resources where field ‘Cluster Name’ ‘starts-with’ provided.

--cluster-name-not-contains <cluster_name_not_contains>

Only show Role resources where field ‘Cluster Name’ ‘not-contains’ provided.

--cluster-name-contains <cluster_name_contains>

Only show Role resources where field ‘Cluster Name’ ‘contains’ provided.

--cluster-name-not-equals <cluster_name_not_equals>

Only show Role resources where field ‘Cluster Name’ ‘not-equals’ provided.

--cluster-name-equals <cluster_name_equals>

Only show Role resources where field ‘Cluster Name’ ‘equals’ provided.

--cluster-uid-ends-with <cluster_uid_ends_with>

Only show Role resources where field ‘Cluster UID’ ‘ends-with’ provided.

--cluster-uid-starts-with <cluster_uid_starts_with>

Only show Role resources where field ‘Cluster UID’ ‘starts-with’ provided.

--cluster-uid-not-contains <cluster_uid_not_contains>

Only show Role resources where field ‘Cluster UID’ ‘not-contains’ provided.

--cluster-uid-contains <cluster_uid_contains>

Only show Role resources where field ‘Cluster UID’ ‘contains’ provided.

--cluster-uid-not-equals <cluster_uid_not_equals>

Only show Role resources where field ‘Cluster UID’ ‘not-equals’ provided.

--cluster-uid-equals <cluster_uid_equals>

Only show Role resources where field ‘Cluster UID’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Role resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Role resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Role resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Role resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Role resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Role resources where field ‘UID’ ‘equals’ provided.

--kind-ends-with <kind_ends_with>

Only show Role resources where field ‘Kind’ ‘ends-with’ provided.

--kind-starts-with <kind_starts_with>

Only show Role resources where field ‘Kind’ ‘starts-with’ provided.

--kind-not-contains <kind_not_contains>

Only show Role resources where field ‘Kind’ ‘not-contains’ provided.

--kind-contains <kind_contains>

Only show Role resources where field ‘Kind’ ‘contains’ provided.

--kind-not-equals <kind_not_equals>

Only show Role resources where field ‘Kind’ ‘not-equals’ provided.

--kind-equals <kind_equals>

Only show Role resources where field ‘Kind’ ‘equals’ provided.

--metadata_labels-any-value-contains <metadata_labels_any_value_contains>

Only show Role resources where field ‘Labels’ ‘any-value-contains’ provided.

--metadata_labels-any-value-equals <metadata_labels_any_value_equals>

Only show Role resources where field ‘Labels’ ‘any-value-equals’ provided.

--metadata_labels-any-key-contains <metadata_labels_any_key_contains>

Only show Role resources where field ‘Labels’ ‘any-key-contains’ provided.

--metadata_labels-any-key-equals <metadata_labels_any_key_equals>

Only show Role resources where field ‘Labels’ ‘any-key-equals’ provided.

--metadata_name-ends-with <metadata_name_ends_with>

Only show Role resources where field ‘Name’ ‘ends-with’ provided.

--metadata_name-starts-with <metadata_name_starts_with>

Only show Role resources where field ‘Name’ ‘starts-with’ provided.

--metadata_name-not-contains <metadata_name_not_contains>

Only show Role resources where field ‘Name’ ‘not-contains’ provided.

--metadata_name-contains <metadata_name_contains>

Only show Role resources where field ‘Name’ ‘contains’ provided.

--metadata_name-not-equals <metadata_name_not_equals>

Only show Role resources where field ‘Name’ ‘not-equals’ provided.

--metadata_name-equals <metadata_name_equals>

Only show Role resources where field ‘Name’ ‘equals’ provided.

--metadata_namespace-ends-with <metadata_namespace_ends_with>

Only show Role resources where field ‘Namespace’ ‘ends-with’ provided.

--metadata_namespace-starts-with <metadata_namespace_starts_with>

Only show Role resources where field ‘Namespace’ ‘starts-with’ provided.

--metadata_namespace-not-contains <metadata_namespace_not_contains>

Only show Role resources where field ‘Namespace’ ‘not-contains’ provided.

--metadata_namespace-contains <metadata_namespace_contains>

Only show Role resources where field ‘Namespace’ ‘contains’ provided.

--metadata_namespace-not-equals <metadata_namespace_not_equals>

Only show Role resources where field ‘Namespace’ ‘not-equals’ provided.

--metadata_namespace-equals <metadata_namespace_equals>

Only show Role resources where field ‘Namespace’ ‘equals’ provided.

--metadata_uid-ends-with <metadata_uid_ends_with>

Only show Role resources where field ‘Kubernetes UID’ ‘ends-with’ provided.

--metadata_uid-starts-with <metadata_uid_starts_with>

Only show Role resources where field ‘Kubernetes UID’ ‘starts-with’ provided.

--metadata_uid-not-contains <metadata_uid_not_contains>

Only show Role resources where field ‘Kubernetes UID’ ‘not-contains’ provided.

--metadata_uid-contains <metadata_uid_contains>

Only show Role resources where field ‘Kubernetes UID’ ‘contains’ provided.

--metadata_uid-not-equals <metadata_uid_not_equals>

Only show Role resources where field ‘Kubernetes UID’ ‘not-equals’ provided.

--metadata_uid-equals <metadata_uid_equals>

Only show Role resources where field ‘Kubernetes UID’ ‘equals’ provided.

--ops-flag-count-lt <ops_flag_count_lt>

Only show Role resources where field ‘Ops Flag Count’ ‘lt’ provided.

--ops-flag-count-gte <ops_flag_count_gte>

Only show Role resources where field ‘Ops Flag Count’ ‘gte’ provided.

--ops-flag-count-gt <ops_flag_count_gt>

Only show Role resources where field ‘Ops Flag Count’ ‘gt’ provided.

--ops-flag-count-not-equals <ops_flag_count_not_equals>

Only show Role resources where field ‘Ops Flag Count’ ‘not-equals’ provided.

--ops-flag-count-equals <ops_flag_count_equals>

Only show Role resources where field ‘Ops Flag Count’ ‘equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Role resources where field ‘original_schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Role resources where field ‘original_schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Role resources where field ‘original_schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Role resources where field ‘original_schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Role resources where field ‘original_schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Role resources where field ‘original_schema’ ‘equals’ provided.

--red-flag-count-lt <red_flag_count_lt>

Only show Role resources where field ‘Red Flag Count’ ‘lt’ provided.

--red-flag-count-gte <red_flag_count_gte>

Only show Role resources where field ‘Red Flag Count’ ‘gte’ provided.

--red-flag-count-gt <red_flag_count_gt>

Only show Role resources where field ‘Red Flag Count’ ‘gt’ provided.

--red-flag-count-not-equals <red_flag_count_not_equals>

Only show Role resources where field ‘Red Flag Count’ ‘not-equals’ provided.

--red-flag-count-equals <red_flag_count_equals>

Only show Role resources where field ‘Red Flag Count’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Role resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Role resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Role resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Role resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Role resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Role resources where field ‘Schema’ ‘equals’ provided.

--status-ends-with <status_ends_with>

Only show Role resources where field ‘Status’ ‘ends-with’ provided.

--status-starts-with <status_starts_with>

Only show Role resources where field ‘Status’ ‘starts-with’ provided.

--status-not-contains <status_not_contains>

Only show Role resources where field ‘Status’ ‘not-contains’ provided.

--status-contains <status_contains>

Only show Role resources where field ‘Status’ ‘contains’ provided.

--status-not-equals <status_not_equals>

Only show Role resources where field ‘Status’ ‘not-equals’ provided.

--status-equals <status_equals>

Only show Role resources where field ‘Status’ ‘equals’ provided.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

rulesets

Get rulesets by name or id.

spyctl get rulesets [OPTIONS] [NAME_OR_ID]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

--from-archive

Retrieve archived ruleset versions.

--version <version>

Retrieve archived rulesets with a specific version.

--type <type>

The type of ruleset to return.

Options:

cluster | container

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

saved-queries

Get saved_queries by name or id.

spyctl get saved-queries [OPTIONS] [NAME_OR_ID]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

--page <page>

Page number of resources to display.

--page-size <page_size>

Number of resources to display per page.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

--reversed

Reverse the order of the results.

--query-contains <query_contains>

Filter by saved query query containing the specified string.

--query-equals <query_equals>

Filter by saved query query matching the specified string.

--schema-equals <schema_equals>

Filter by saved query schema matching the specified string.

--sort-by <sort_by>

Sort by the specified field.

Options:

name | description | query | schema | create_time | last_used

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

sources

Get sources by name or id.

spyctl get sources [OPTIONS] [NAME_OR_ID]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

--include-expired

Include expired sources in the output. Expired sources are those that have not produced new data in over 24 hours. The may come back online at any time.

--exclude-clustermonitors

Exclude the cluster monitor source from the output.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

spydertraces

Get spydertraces by name or id.

spyctl get spydertraces [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--cluster-name-ends-with <cluster_name_ends_with>

Only show Spydertrace resources where field ‘Cluster Name’ ‘ends-with’ provided.

--cluster-name-starts-with <cluster_name_starts_with>

Only show Spydertrace resources where field ‘Cluster Name’ ‘starts-with’ provided.

--cluster-name-not-contains <cluster_name_not_contains>

Only show Spydertrace resources where field ‘Cluster Name’ ‘not-contains’ provided.

--cluster-name-contains <cluster_name_contains>

Only show Spydertrace resources where field ‘Cluster Name’ ‘contains’ provided.

--cluster-name-not-equals <cluster_name_not_equals>

Only show Spydertrace resources where field ‘Cluster Name’ ‘not-equals’ provided.

--cluster-name-equals <cluster_name_equals>

Only show Spydertrace resources where field ‘Cluster Name’ ‘equals’ provided.

--cluster-uid-ends-with <cluster_uid_ends_with>

Only show Spydertrace resources where field ‘Cluster UID’ ‘ends-with’ provided.

--cluster-uid-starts-with <cluster_uid_starts_with>

Only show Spydertrace resources where field ‘Cluster UID’ ‘starts-with’ provided.

--cluster-uid-not-contains <cluster_uid_not_contains>

Only show Spydertrace resources where field ‘Cluster UID’ ‘not-contains’ provided.

--cluster-uid-contains <cluster_uid_contains>

Only show Spydertrace resources where field ‘Cluster UID’ ‘contains’ provided.

--cluster-uid-not-equals <cluster_uid_not_equals>

Only show Spydertrace resources where field ‘Cluster UID’ ‘not-equals’ provided.

--cluster-uid-equals <cluster_uid_equals>

Only show Spydertrace resources where field ‘Cluster UID’ ‘equals’ provided.

--container-uid-ends-with <container_uid_ends_with>

Only show Spydertrace resources where field ‘Container UID’ ‘ends-with’ provided.

--container-uid-starts-with <container_uid_starts_with>

Only show Spydertrace resources where field ‘Container UID’ ‘starts-with’ provided.

--container-uid-not-contains <container_uid_not_contains>

Only show Spydertrace resources where field ‘Container UID’ ‘not-contains’ provided.

--container-uid-contains <container_uid_contains>

Only show Spydertrace resources where field ‘Container UID’ ‘contains’ provided.

--container-uid-not-equals <container_uid_not_equals>

Only show Spydertrace resources where field ‘Container UID’ ‘not-equals’ provided.

--container-uid-equals <container_uid_equals>

Only show Spydertrace resources where field ‘Container UID’ ‘equals’ provided.

--flag-count-lt <flag_count_lt>

Only show Spydertrace resources where field ‘Flag Count’ ‘lt’ provided.

--flag-count-gte <flag_count_gte>

Only show Spydertrace resources where field ‘Flag Count’ ‘gte’ provided.

--flag-count-gt <flag_count_gt>

Only show Spydertrace resources where field ‘Flag Count’ ‘gt’ provided.

--flag-count-not-equals <flag_count_not_equals>

Only show Spydertrace resources where field ‘Flag Count’ ‘not-equals’ provided.

--flag-count-equals <flag_count_equals>

Only show Spydertrace resources where field ‘Flag Count’ ‘equals’ provided.

--hostname-ends-with <hostname_ends_with>

Only show Spydertrace resources where field ‘Hostname’ ‘ends-with’ provided.

--hostname-starts-with <hostname_starts_with>

Only show Spydertrace resources where field ‘Hostname’ ‘starts-with’ provided.

--hostname-not-contains <hostname_not_contains>

Only show Spydertrace resources where field ‘Hostname’ ‘not-contains’ provided.

--hostname-contains <hostname_contains>

Only show Spydertrace resources where field ‘Hostname’ ‘contains’ provided.

--hostname-not-equals <hostname_not_equals>

Only show Spydertrace resources where field ‘Hostname’ ‘not-equals’ provided.

--hostname-equals <hostname_equals>

Only show Spydertrace resources where field ‘Hostname’ ‘equals’ provided.

--id-ends-with <id_ends_with>

Only show Spydertrace resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show Spydertrace resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show Spydertrace resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show Spydertrace resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show Spydertrace resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show Spydertrace resources where field ‘UID’ ‘equals’ provided.

--image-ends-with <image_ends_with>

Only show Spydertrace resources where field ‘Image’ ‘ends-with’ provided.

--image-starts-with <image_starts_with>

Only show Spydertrace resources where field ‘Image’ ‘starts-with’ provided.

--image-not-contains <image_not_contains>

Only show Spydertrace resources where field ‘Image’ ‘not-contains’ provided.

--image-contains <image_contains>

Only show Spydertrace resources where field ‘Image’ ‘contains’ provided.

--image-not-equals <image_not_equals>

Only show Spydertrace resources where field ‘Image’ ‘not-equals’ provided.

--image-equals <image_equals>

Only show Spydertrace resources where field ‘Image’ ‘equals’ provided.

--is-interactive <is_interactive>

Only show Spydertrace resources where field ‘Is Interactive’ matches the provided boolean value.

--interactive-users-all-items-not-contains <interactive_users_all_items_not_contains>

Only show Spydertrace resources where field ‘Interactive Users’ ‘all-items-not-contains’ provided.

--interactive-users-all-items-not-equals <interactive_users_all_items_not_equals>

Only show Spydertrace resources where field ‘Interactive Users’ ‘all-items-not-equals’ provided.

--interactive-users-any-item-contains <interactive_users_any_item_contains>

Only show Spydertrace resources where field ‘Interactive Users’ ‘any-item-contains’ provided.

--interactive-users-any-item-equals <interactive_users_any_item_equals>

Only show Spydertrace resources where field ‘Interactive Users’ ‘any-item-equals’ provided.

--muid-ends-with <muid_ends_with>

Only show Spydertrace resources where field ‘Machine UID’ ‘ends-with’ provided.

--muid-starts-with <muid_starts_with>

Only show Spydertrace resources where field ‘Machine UID’ ‘starts-with’ provided.

--muid-not-contains <muid_not_contains>

Only show Spydertrace resources where field ‘Machine UID’ ‘not-contains’ provided.

--muid-contains <muid_contains>

Only show Spydertrace resources where field ‘Machine UID’ ‘contains’ provided.

--muid-not-equals <muid_not_equals>

Only show Spydertrace resources where field ‘Machine UID’ ‘not-equals’ provided.

--muid-equals <muid_equals>

Only show Spydertrace resources where field ‘Machine UID’ ‘equals’ provided.

--namespace-ends-with <namespace_ends_with>

Only show Spydertrace resources where field ‘Namespace’ ‘ends-with’ provided.

--namespace-starts-with <namespace_starts_with>

Only show Spydertrace resources where field ‘Namespace’ ‘starts-with’ provided.

--namespace-not-contains <namespace_not_contains>

Only show Spydertrace resources where field ‘Namespace’ ‘not-contains’ provided.

--namespace-contains <namespace_contains>

Only show Spydertrace resources where field ‘Namespace’ ‘contains’ provided.

--namespace-not-equals <namespace_not_equals>

Only show Spydertrace resources where field ‘Namespace’ ‘not-equals’ provided.

--namespace-equals <namespace_equals>

Only show Spydertrace resources where field ‘Namespace’ ‘equals’ provided.

--non-interactive-users-all-items-not-contains <non_interactive_users_all_items_not_contains>

Only show Spydertrace resources where field ‘Non-Interactive Users’ ‘all-items-not-contains’ provided.

--non-interactive-users-all-items-not-equals <non_interactive_users_all_items_not_equals>

Only show Spydertrace resources where field ‘Non-Interactive Users’ ‘all-items-not-equals’ provided.

--non-interactive-users-any-item-contains <non_interactive_users_any_item_contains>

Only show Spydertrace resources where field ‘Non-Interactive Users’ ‘any-item-contains’ provided.

--non-interactive-users-any-item-equals <non_interactive_users_any_item_equals>

Only show Spydertrace resources where field ‘Non-Interactive Users’ ‘any-item-equals’ provided.

--original-schema-ends-with <original_schema_ends_with>

Only show Spydertrace resources where field ‘original_schema’ ‘ends-with’ provided.

--original-schema-starts-with <original_schema_starts_with>

Only show Spydertrace resources where field ‘original_schema’ ‘starts-with’ provided.

--original-schema-not-contains <original_schema_not_contains>

Only show Spydertrace resources where field ‘original_schema’ ‘not-contains’ provided.

--original-schema-contains <original_schema_contains>

Only show Spydertrace resources where field ‘original_schema’ ‘contains’ provided.

--original-schema-not-equals <original_schema_not_equals>

Only show Spydertrace resources where field ‘original_schema’ ‘not-equals’ provided.

--original-schema-equals <original_schema_equals>

Only show Spydertrace resources where field ‘original_schema’ ‘equals’ provided.

--is-overtaken <is_overtaken>

Only show Spydertrace resources where field ‘Is Overtaken’ matches the provided boolean value.

--policy-name-ends-with <policy_name_ends_with>

Only show Spydertrace resources where field ‘Policy Name’ ‘ends-with’ provided.

--policy-name-starts-with <policy_name_starts_with>

Only show Spydertrace resources where field ‘Policy Name’ ‘starts-with’ provided.

--policy-name-not-contains <policy_name_not_contains>

Only show Spydertrace resources where field ‘Policy Name’ ‘not-contains’ provided.

--policy-name-contains <policy_name_contains>

Only show Spydertrace resources where field ‘Policy Name’ ‘contains’ provided.

--policy-name-not-equals <policy_name_not_equals>

Only show Spydertrace resources where field ‘Policy Name’ ‘not-equals’ provided.

--policy-name-equals <policy_name_equals>

Only show Spydertrace resources where field ‘Policy Name’ ‘equals’ provided.

--policy-uid-ends-with <policy_uid_ends_with>

Only show Spydertrace resources where field ‘Policy UID’ ‘ends-with’ provided.

--policy-uid-starts-with <policy_uid_starts_with>

Only show Spydertrace resources where field ‘Policy UID’ ‘starts-with’ provided.

--policy-uid-not-contains <policy_uid_not_contains>

Only show Spydertrace resources where field ‘Policy UID’ ‘not-contains’ provided.

--policy-uid-contains <policy_uid_contains>

Only show Spydertrace resources where field ‘Policy UID’ ‘contains’ provided.

--policy-uid-not-equals <policy_uid_not_equals>

Only show Spydertrace resources where field ‘Policy UID’ ‘not-equals’ provided.

--policy-uid-equals <policy_uid_equals>

Only show Spydertrace resources where field ‘Policy UID’ ‘equals’ provided.

--root-proc-name-ends-with <root_proc_name_ends_with>

Only show Spydertrace resources where field ‘Root Process Name’ ‘ends-with’ provided.

--root-proc-name-starts-with <root_proc_name_starts_with>

Only show Spydertrace resources where field ‘Root Process Name’ ‘starts-with’ provided.

--root-proc-name-not-contains <root_proc_name_not_contains>

Only show Spydertrace resources where field ‘Root Process Name’ ‘not-contains’ provided.

--root-proc-name-contains <root_proc_name_contains>

Only show Spydertrace resources where field ‘Root Process Name’ ‘contains’ provided.

--root-proc-name-not-equals <root_proc_name_not_equals>

Only show Spydertrace resources where field ‘Root Process Name’ ‘not-equals’ provided.

--root-proc-name-equals <root_proc_name_equals>

Only show Spydertrace resources where field ‘Root Process Name’ ‘equals’ provided.

--schema-ends-with <schema_ends_with>

Only show Spydertrace resources where field ‘Schema’ ‘ends-with’ provided.

--schema-starts-with <schema_starts_with>

Only show Spydertrace resources where field ‘Schema’ ‘starts-with’ provided.

--schema-not-contains <schema_not_contains>

Only show Spydertrace resources where field ‘Schema’ ‘not-contains’ provided.

--schema-contains <schema_contains>

Only show Spydertrace resources where field ‘Schema’ ‘contains’ provided.

--schema-not-equals <schema_not_equals>

Only show Spydertrace resources where field ‘Schema’ ‘not-equals’ provided.

--schema-equals <schema_equals>

Only show Spydertrace resources where field ‘Schema’ ‘equals’ provided.

--score-lt <score_lt>

Only show Spydertrace resources where field ‘Score’ ‘lt’ provided.

--score-gte <score_gte>

Only show Spydertrace resources where field ‘Score’ ‘gte’ provided.

--score-gt <score_gt>

Only show Spydertrace resources where field ‘Score’ ‘gt’ provided.

--score-not-equals <score_not_equals>

Only show Spydertrace resources where field ‘Score’ ‘not-equals’ provided.

--score-equals <score_equals>

Only show Spydertrace resources where field ‘Score’ ‘equals’ provided.

--status-ends-with <status_ends_with>

Only show Spydertrace resources where field ‘Status’ ‘ends-with’ provided.

--status-starts-with <status_starts_with>

Only show Spydertrace resources where field ‘Status’ ‘starts-with’ provided.

--status-not-contains <status_not_contains>

Only show Spydertrace resources where field ‘Status’ ‘not-contains’ provided.

--status-contains <status_contains>

Only show Spydertrace resources where field ‘Status’ ‘contains’ provided.

--status-not-equals <status_not_equals>

Only show Spydertrace resources where field ‘Status’ ‘not-equals’ provided.

--status-equals <status_equals>

Only show Spydertrace resources where field ‘Status’ ‘equals’ provided.

--is-suppressed <is_suppressed>

Only show Spydertrace resources where field ‘Is Suppressed’ matches the provided boolean value.

--suppressed-by-ends-with <suppressed_by_ends_with>

Only show Spydertrace resources where field ‘Suppressed By’ ‘ends-with’ provided.

--suppressed-by-starts-with <suppressed_by_starts_with>

Only show Spydertrace resources where field ‘Suppressed By’ ‘starts-with’ provided.

--suppressed-by-not-contains <suppressed_by_not_contains>

Only show Spydertrace resources where field ‘Suppressed By’ ‘not-contains’ provided.

--suppressed-by-contains <suppressed_by_contains>

Only show Spydertrace resources where field ‘Suppressed By’ ‘contains’ provided.

--suppressed-by-not-equals <suppressed_by_not_equals>

Only show Spydertrace resources where field ‘Suppressed By’ ‘not-equals’ provided.

--suppressed-by-equals <suppressed_by_equals>

Only show Spydertrace resources where field ‘Suppressed By’ ‘equals’ provided.

--trigger-ends-with <trigger_ends_with>

Only show Spydertrace resources where field ‘Trigger UID’ ‘ends-with’ provided.

--trigger-starts-with <trigger_starts_with>

Only show Spydertrace resources where field ‘Trigger UID’ ‘starts-with’ provided.

--trigger-not-contains <trigger_not_contains>

Only show Spydertrace resources where field ‘Trigger UID’ ‘not-contains’ provided.

--trigger-contains <trigger_contains>

Only show Spydertrace resources where field ‘Trigger UID’ ‘contains’ provided.

--trigger-not-equals <trigger_not_equals>

Only show Spydertrace resources where field ‘Trigger UID’ ‘not-equals’ provided.

--trigger-equals <trigger_equals>

Only show Spydertrace resources where field ‘Trigger UID’ ‘equals’ provided.

--trigger-cgroup-ends-with <trigger_cgroup_ends_with>

Only show Spydertrace resources where field ‘Trigger Cgroup’ ‘ends-with’ provided.

--trigger-cgroup-starts-with <trigger_cgroup_starts_with>

Only show Spydertrace resources where field ‘Trigger Cgroup’ ‘starts-with’ provided.

--trigger-cgroup-not-contains <trigger_cgroup_not_contains>

Only show Spydertrace resources where field ‘Trigger Cgroup’ ‘not-contains’ provided.

--trigger-cgroup-contains <trigger_cgroup_contains>

Only show Spydertrace resources where field ‘Trigger Cgroup’ ‘contains’ provided.

--trigger-cgroup-not-equals <trigger_cgroup_not_equals>

Only show Spydertrace resources where field ‘Trigger Cgroup’ ‘not-equals’ provided.

--trigger-cgroup-equals <trigger_cgroup_equals>

Only show Spydertrace resources where field ‘Trigger Cgroup’ ‘equals’ provided.

--trigger-short-name-ends-with <trigger_short_name_ends_with>

Only show Spydertrace resources where field ‘Trigger Short Name’ ‘ends-with’ provided.

--trigger-short-name-starts-with <trigger_short_name_starts_with>

Only show Spydertrace resources where field ‘Trigger Short Name’ ‘starts-with’ provided.

--trigger-short-name-not-contains <trigger_short_name_not_contains>

Only show Spydertrace resources where field ‘Trigger Short Name’ ‘not-contains’ provided.

--trigger-short-name-contains <trigger_short_name_contains>

Only show Spydertrace resources where field ‘Trigger Short Name’ ‘contains’ provided.

--trigger-short-name-not-equals <trigger_short_name_not_equals>

Only show Spydertrace resources where field ‘Trigger Short Name’ ‘not-equals’ provided.

--trigger-short-name-equals <trigger_short_name_equals>

Only show Spydertrace resources where field ‘Trigger Short Name’ ‘equals’ provided.

--include-linkback

Include linkback to the console to view the trace.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

top-data

Get top-data by name or id.

spyctl get top-data [OPTIONS] [NAME_OR_ID]

Options

--uid <uid>

Only show resources with this uid.

-E, --exact, --exact-match

Exact match for NAME_OR_ID. This command’s default behavior displays any resource that contains the NAME_OR_ID.

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

-e, --end-time <et>

End time of the query. Default is now.

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

--id-ends-with <id_ends_with>

Only show SpyderTop Data resources where field ‘UID’ ‘ends-with’ provided.

--id-starts-with <id_starts_with>

Only show SpyderTop Data resources where field ‘UID’ ‘starts-with’ provided.

--id-not-contains <id_not_contains>

Only show SpyderTop Data resources where field ‘UID’ ‘not-contains’ provided.

--id-contains <id_contains>

Only show SpyderTop Data resources where field ‘UID’ ‘contains’ provided.

--id-not-equals <id_not_equals>

Only show SpyderTop Data resources where field ‘UID’ ‘not-equals’ provided.

--id-equals <id_equals>

Only show SpyderTop Data resources where field ‘UID’ ‘equals’ provided.

--muid-ends-with <muid_ends_with>

Only show SpyderTop Data resources where field ‘Machine UID’ ‘ends-with’ provided.

--muid-starts-with <muid_starts_with>

Only show SpyderTop Data resources where field ‘Machine UID’ ‘starts-with’ provided.

--muid-not-contains <muid_not_contains>

Only show SpyderTop Data resources where field ‘Machine UID’ ‘not-contains’ provided.

--muid-contains <muid_contains>

Only show SpyderTop Data resources where field ‘Machine UID’ ‘contains’ provided.

--muid-not-equals <muid_not_equals>

Only show SpyderTop Data resources where field ‘Machine UID’ ‘not-equals’ provided.

--muid-equals <muid_equals>

Only show SpyderTop Data resources where field ‘Machine UID’ ‘equals’ provided.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

get-object

Hydrate object(s) with the given ID(s).

spyctl get-object [OPTIONS] IDS

Options

-o, --output <output>

Output format.

Options:

yaml | json | ndjson

Arguments

IDS

Required argument

Use “spyctl <command> –help” for more information about a given command.

import

Import previously exported policies by file name into a new organization context.

spyctl import [OPTIONS]

Options

-f, --filename <filename>

Required Filename containing policies to import.

Use “spyctl <command> –help” for more information about a given command.

logs

Print the logs for a specified resource. Default behavior is to print out the logs for the last 24 hours.

spyctl logs [OPTIONS] RESOURCE [NAME_OR_ID]

Options

-f, --follow

Specify if the logs should be streamed

-t, --start-time <st>

Get logs since this time. Default is 24 hours ago.

-e, --end-time <et>

End time of the query. Default is now.

--tail <tail>

Lines of recent log file to display. Defaults to -1.

--timestamps

Include timestamps on each line in the log output.

--full

Show the full log, not just the description.

--since-iterator <since_iterator>

Retrieve all logs since the provided iterator.

Arguments

RESOURCE

Required argument

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

merge

Merge target Baselines and Policies with other Resources.

Merging in Spyctl requires a target Resource (e.g. a Baseline or Policy

document you are maintaining) and a Resource to merge into the target. A target can either be a local file supplied using the -f option or a policy you’ve applied to the Spyderbat Backend supplied with the -p option. By default, target’s are merged with deviations if they are applied policies, otherwise they are merged with relevant* Fingerprints from the last 24 hours to now. Targets may also be merged with local files with the -w option or with data from an existing applied policy using the -P option.

When merging a single local file with another resource, the output will

be sent to stdout. WARNING: Do not redirect output to the same file you used as input. You may use the -O flag to output the merged data to a unique file with a name generate by Spyctl.

When bulk merging local files, the output for each merge operation will

be outputted to unique files generated by Spyctl (the same as supplying the -O flag mentioned above).

When merging existing applied policies in bulk or individually, the default

destination for the output will be to apply it directly to the Spyderbat Backend (you will have a chance to review the merge before any changes are applied). This removes the requirement to deal with local files when managing policies. However, it is a good idea to back up policies in a source-control repository. You can also use the -O operation to send the output of this merge to a local file.

Examples:

# merge a local policy file with data from the last

# 24hrs to now:

spyctl merge -f policy.yaml

# merge a local policy file with data from its

# latestTimestamp field to now:

spyctl merge -f policy.yaml –latest

# merge an existing applied policy with data from the

# last 24hrs to now:

spyctl merge -p <NAME_OR_UID>

# Bulk merge all existing policies with data from the

# last 24hrs to now:

spyctl merge -p

# Bulk merge multiple policies with data from the

# last 24hrs to now:

spyctl merge -p <NAME_OR_UID1>,<NAME_OR_UID2>

# Bulk merge all files in cwd matching a pattern with data

# from the last 24hrs to now:

spyctl merge -f *.yaml

# merge an existing applied policy with a local file:

spyctl merge -p <NAME_OR_UID> –with-file fingerprints.yaml

# merge a local file with data from an existing applied policy

spyctl merge -f policy.yaml -P <NAME_OR_UID>

# merge a local file with a valid UID in its metadata with the matching

# policy in the Spyderbat Backend

spyctl merge -f policy.yaml -P

• Each policy has one or more Selectors in its spec field,

relevant Fingerprints are those that match those Selectors.

For time field options such as –start-time and –end-time you can use (m) for minutes, (h) for hours (d) for days, and (w) for weeks back from now or provide timestamps in epoch format.

Note: Long time ranges or “get” commands in a context consisting of multiple machines can take a long time.

spyctl merge [OPTIONS]

Options

-f, --filename <filename>

Target file(s) of the merge. This argument is mutually exclusive with arguments: [policy].

-p, --policy <policy>

Target policy name(s) or uid(s) of the merge. If supplied with no argument, set to ‘all’. This argument is mutually exclusive with arguments: [filename].

-w, --with-file <with_file>

File to merge into target. This argument is mutually exclusive with arguments: [with_policy].

-P, --with-policy <with_policy>

Policy uid to merge with target. If supplied with no argument then spyctl will attempt to find a policy matching the uid in the target’s metadata. This argument is mutually exclusive with arguments: [with_file].

-l, --latest

Merge file with latest records using the value of ‘latestTimestamp’ in the target’s ‘metadata’. This replaces –start-time.

-o, --output <output>

Options:

yaml | json | ndjson | default

-t, --start-time <st>

Start time of the query for fingerprints to merge. Only used if –latest, –with-file, and –with-policy are not set. Default is 24 hours ago.

-e, --end-time <et>

End time of the query for fingerprints to merge. Only used if –with-file and –with-policy are not set. Default is now.

-O, --output-to-file

Should output merge to a file. Unique filename created from the name in the object’s metadata.

--full-diff

A diff summary is shown by default, set this flag to show the full object when viewing a diff following a merge. (All changes to the object are shown in the summary).

-y, --yes, --assume-yes

Automatic yes to prompts; assume “yes” as answer to all prompts and run non-interactively. This argument is mutually exclusive with arguments: [yes_except].

-Y, --yes-except, --assume-yes-except-review

Automatic yes to merge prompts; assume “yes” as answer to all merge prompts but still prompts review of policy updates before applying. This argument is mutually exclusive with arguments: [yes].

--include-network, --exclude-network

Include or exclude network data in the merge. Default is to include network data in the merge.

--colorize, --no-colorize

Specify coloration on or off. Default is on.

Use “spyctl <command> –help” for more information about a given command.

notifications

Configure notifications for a Spyderbat resource.

spyctl notifications [OPTIONS] COMMAND [ARGS]...

Use “spyctl <command> –help” for more information about a given command.

configure

Configure notifications for a Spyderbat resource.

spyctl notifications configure [OPTIONS] COMMAND [ARGS]...

Use “spyctl <command> –help” for more information about a given command.

custom-flag

Configure notifications for a custom flag.

spyctl notifications configure custom-flag [OPTIONS] NAME_OR_UID

Options

--target-map <target_map>

Map target names to template names, can be used multiple times. Usage: –target-map TGT_NAME=TEMPLATE_NAME

--targets <targets>

The Name or UID of targets to send notifications to.

--cooldown-by <cooldown_by>

The cooldown by field(s).

--cooldown <cooldown>

The cooldown period in seconds.

--is-disabled

Disable notifications.

Arguments

NAME_OR_UID

Required argument

saved-query

Configure notifications for a saved query.

spyctl notifications configure saved-query [OPTIONS] NAME_OR_UID

Options

--target-map <target_map>

Map target names to template names, can be used multiple times. Usage: –target-map TGT_NAME=TEMPLATE_NAME

--targets <targets>

The Name or UID of targets to send notifications to.

--cooldown-by <cooldown_by>

The cooldown by field(s).

--cooldown <cooldown>

The cooldown period in seconds.

--is-disabled

Disable notifications.

Arguments

NAME_OR_UID

Required argument

disable

Disable notifications for a Spyderbat resource.

spyctl notifications disable [OPTIONS] COMMAND [ARGS]...

Use “spyctl <command> –help” for more information about a given command.

custom-flag

Disable notifications for a custom flag.

spyctl notifications disable custom-flag [OPTIONS] NAME_OR_UID

Arguments

NAME_OR_UID

Required argument

saved-query

Disable notifications for a saved query.

spyctl notifications disable saved-query [OPTIONS] NAME_OR_UID

Arguments

NAME_OR_UID

Required argument

enable

Enable notifications for a Spyderbat resource.

spyctl notifications enable [OPTIONS] COMMAND [ARGS]...

Use “spyctl <command> –help” for more information about a given command.

custom-flag

Enable notifications for a custom flag.

spyctl notifications enable custom-flag [OPTIONS] NAME_OR_UID

Arguments

NAME_OR_UID

Required argument

saved-query

Enable notifications for a saved query.

spyctl notifications enable saved-query [OPTIONS] NAME_OR_UID

Arguments

NAME_OR_UID

Required argument

list

List notifications on a Spyderbat resource.

spyctl notifications list [OPTIONS] [NAME_OR_ID]

Options

-o, --output <output>

Options:

yaml | json | ndjson | default | wide

--page <page>

Page number of resources to display.

--page-size <page_size>

Number of resources to display per page.

--reversed

Reverse the order of the results.

--refUID-equals <refuid_equals>

Filter by refUID matching the specified string.

Arguments

NAME_OR_ID

Optional argument

Use “spyctl <command> –help” for more information about a given command.

search

Search for objects in the given schema.

spyctl search [OPTIONS] [SCHEMA] [QUERY]

Options

-l, --list-schemas

-d, --describe

-o, --output <output>

Output format.

Options:

yaml | json | ndjson | default

-t, --start-time <st>

Start time of the query. Default is 24 hours ago.

-u, --use-query <use_query>

The name or uid of a saved query. Use ‘spyctl get saved-queries’ to list available saved queries.

-s, --save-query <save_query>

Save the query you use for future use. Once saved, you can use the –use-query option to run the query again. Supplying a value for thisoption will save the query with the given name.

-D, --description <description>

Provide a description of up to 500 characters when saving a query.

-S, --skip-results

Validates the query without retrieving results. Also useful for saving a query

-e, --end-time <et>

End time of the query. Default is now.

-y, --yes, --assume-yes

Automatic yes to prompts; assume “yes” as answer to all prompts and run non-interactively.

Arguments

SCHEMA

Optional argument

QUERY

Optional argument

Use “spyctl <command> –help” for more information about a given command.

show-schema

Display the schema of a specific resource

spyctl show-schema [OPTIONS] {baseline|config|fingerprint|fingerprint-
                   group|policy|cluster-policy|secret|trace-suppression-
                   policy|uid-list}

Arguments

KIND

Required argument

Use “spyctl <command> –help” for more information about a given command.

suppress

Tune your environment by suppressing Spyderbat Resources

spyctl suppress [OPTIONS] COMMAND [ARGS]...

Use “spyctl <command> –help” for more information about a given command.

trace

Suppress one or many Spyderbat Resources

spyctl suppress trace [OPTIONS] TRACE_UID

Options

-u, --include-users

Scope the trace suppression policy to the users found in the trace

-n, --name <name>

Optional name for the Suppression Policy, if not provided, a name will be generated automatically

-y, --yes, --assume-yes

Automatic yes to prompts; assume “yes” as answer to all prompts and run non-interactively.

Arguments

TRACE_UID

Required argument

Use “spyctl <command> –help” for more information about a given command.

test-notification

Send test notifications to Targets or Notification Routes.

Targets are named destinations like email, slack hooks, webhooks, or sns topics. Notification Routes define which notifications are send to which targets. Testing a notification route will send a test notification to one or many targets it is configured with.

spyctl test-notification [OPTIONS]

Options

-T, --target <target>

Required Target name or UID to send a test notification to.

-P, --template <template>

Required Template name or UID of the same type as the target.

-f, --record-file <record_file>

File containing a JSON record used to build the notification.

Use “spyctl <command> –help” for more information about a given command.

validate

Validate spyderbat resource and spyctl configuration files.

example:

spyctl validate -f my_policy.yaml

spyctl validate [OPTIONS]

Options

-f, --filename <file>

Required Target file to validate

--colorize, --no-colorize

Specify coloration on or off. Default is on.

Use “spyctl <command> –help” for more information about a given command.

revision 4