MACHINE_SUMMARY_V View
This view provides a historical summary of machines with some aggregation.
Lacework continuously monitors machines in your environment and returns a row in the MACHINE_SUMMARY_V view when Lacework detects a new key. For this view, a key is generated from the MID (machine id), START_TIME, and END_TIME. Note that the machine rows are aggregated hourly. For example, if the same key is detected twice between 1:00 AM (START_TIME) and 1:59 AM (END_TIME), only one row is returned for this hour. For the next hour, the START_TIME (2:00 AM) and END_TIME (2:59 AM) are different so if the same machine is detected again, a new row is returned because the key is different.
Note that both running and non-running VMs are reported.
Each row contains machine information as listed in the columns.
| Column Name | Data Type | Description |
|---|---|---|
| START_TIME | Timestamp | The time and date when the hourly aggregation time period starts. |
| END_TIME | Timestamp | The time and date when the hourly aggregation time period ends. |
| MID | Number | The Lacework-generated machine identifier that uniquely identifies the machine. |
| HOSTNAME | Text | The hostname of the machine. |
| MACHINE_TAGS | JSON Object | The tags or labels assigned to machines (such as VMs) to categorize them. |
| PRIMARY_IP_ADDR | Text | The primary IP address assigned to this machine. |
| ENTITY_TYPE | Text | The entity type for Machine summary content. |