pid from file_events table in osquery The osquery file_events table does not contain the pid. I would like to get the file activites along with pid of process doing that file activity like rename/delete etc This is for Linux versions where process_file_events is not available. how can this be achieved?