POD_SUMMARY_V View
This view provides a historical summary of pods with some aggregation. A pod is a collection of one or more running containers. For more information, see Pod Overview.
Lacework continuously monitors for pods in your environment and returns a row in the POD_SUMMARY_V view when Lacework detects a new key. For this view, a key is generated from the MID (machine id), POD_NAME, START_TIME, and END_TIME. Note that the pod rows are aggregated hourly. For example, if the same key is detected twice between 1:00 AM (START_TIME) and 1:59 AM (END_TIME), only one row is returned for this hour. For the next hour, the START_TIME (2:00 AM) and END_TIME (2:59 AM) are different so if the same process is detected again, a new row is returned because the key is different.
Each row contains pod information as listed in the columns.
| Column Name | Data Type | Description |
|---|---|---|
| START_TIME | Timestamp | The time and date when the hourly aggregation time period starts. |
| END_TIME | Timestamp | The time and date when the hourly aggregation time period ends. |
| MID | Number | The system-generated machine identifier of the pod. |
| POD_NAME | Text | The name of a pod. A pod is a collection of one or more running containers. For more information, see Pod Overview. |
| PRIMARY_IP_ADDR | Text | The IP address assigned to the pod. |
| PROPS_CONTAINER | JSON Object | The properties associated with container and pod. |