Hi, I'm building a query to fetch data process_events table (previously i was using processes). I'm not able to find any column corresponding to process "name" in process_events table. "name" column is present in processes table. Is process name not supported for event based table or is there any other way to fetch the same. Thanks.

It is easy enough to join the process_events table with processes table and receive all the information you need, please try:

SELECT * FROM process_events LEFT OUTER JOIN processes USING(pid)

Will it work if process spawns and exits between the query intervals ? My understanding is that process table would fetch running processes at that point in time when query is fired whereas process_events table will fetch data from its backing store which has stored all processes spawned/terminated during a time frame. Please clarify.

I don't know the answer to this. I suggest you test it. If you do - please let me know what you found out - I would like to use it as well.

@Prakhar, @yuvalapidot Joining against processes will not always work. It only works if the specific process in question (from process_events) is running at the time the scheduled query is executed. Very temporal commands are missed (grep, awk, etc). Instead, use a regex to parse the "name" from the path such that the results look the same as the "processes" table. Check this out...

SELECT *,REPLACE(path, (SELECT REGEX_SPLIT(path, "[\.\w-]+$", 0)), '' ) AS name from process_events;