Wireshark • Display Filter Reference: Sysdig Event

Display Filter Reference: Sysdig Event

Protocol field name: sysdig

Versions: 2.0.0 to 4.6.0

Field name	Description	Type	Versions
sysdig.cpu_id	CPU ID	Unsigned integer (16 bits)	2.0.0 to 4.6.0
sysdig.event_data_len	Event data length	Unsigned integer (32 bits)	4.6.0
sysdig.event_len	Event length	Unsigned integer (32 bits)	2.0.0 to 4.6.0
sysdig.event_name	Event name	Character string	4.2.0 to 4.6.0
sysdig.event_type	Event type	Unsigned integer (16 bits)	2.0.0 to 4.6.0
sysdig.nparams	Number of parameters	Unsigned integer (32 bits)	3.2.13 to 3.2.18, 3.4.5 to 4.6.0
sysdig.param.accept.fd	fd	Signed integer (64 bits)	2.0.0 to 3.0.14
sysdig.param.accept.flags	flags	Unsigned integer (32 bits)	2.0.0 to 4.0.17
sysdig.param.accept.queuelen	queuelen	Unsigned integer (32 bits)	2.0.0 to 4.0.17
sysdig.param.accept.queuemax	queuemax	Unsigned integer (32 bits)	2.0.0 to 4.0.17
sysdig.param.accept.queuepct	Accept queue per connection	Unsigned integer (8 bits)	2.0.0 to 4.0.17
sysdig.param.accept.tuple	tuple	Byte sequence	2.0.0 to 4.0.17
sysdig.param.accept4.flags	flags	Unsigned integer (32 bits)	4.2.0 to 4.2.14
sysdig.param.accept4.queuelen	queuelen	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.accept4.queuemax	queuemax	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.accept4.queuepct	queuepct	Unsigned integer (8 bits)	4.2.0 to 4.6.0
sysdig.param.accept4.tuple	tuple	Byte sequence	4.2.0 to 4.6.0
sysdig.param.access.mode	mode	Byte sequence	3.2.0 to 3.6.0
sysdig.param.asyncevent.data	data	Byte sequence	4.2.0 to 4.2.14
sysdig.param.asyncevent.plugin_id	plugin_id	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.bpf.cmd	cmd	Signed integer (64 bits)	3.2.0 to 4.6.0
sysdig.param.bpf.res_or_fd	res_or_fd	Byte sequence	3.2.0 to 4.6.0
sysdig.param.brk.res	res	Unsigned integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.capset.cap_effective	cap_effective	Unsigned integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.capset.cap_inheritable	cap_inheritable	Unsigned integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.capset.cap_permitted	cap_permitted	Unsigned integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.chmod.filename	filename	Character string	3.6.1 to 4.6.0
sysdig.param.clone3.args	args	Character string	4.2.0 to 4.6.0
sysdig.param.clone3.cgroups	cgroups	Byte sequence	4.2.0 to 4.6.0
sysdig.param.clone3.comm	comm	Character string	4.2.0 to 4.6.0
sysdig.param.clone3.cwd	cwd	Character string	4.2.0 to 4.6.0
sysdig.param.clone3.exe	exe	Character string	4.2.0 to 4.6.0
sysdig.param.clone3.fdlimit	fdlimit	Signed integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.clone3.pgft_maj	pgft_maj	Unsigned integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.clone3.pgft_min	pgft_min	Unsigned integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.clone3.pidns_init_start_ts	pidns_init_start_ts	Unsigned integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.clone3.ptid	ptid	Signed integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.clone3.tid	tid	Signed integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.clone3.vm_rss	vm_rss	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.clone3.vm_size	vm_size	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.clone3.vm_swap	vm_swap	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.clone3.vpid	vpid	Signed integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.clone3.vtid	vtid	Signed integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.container.id	id	Character string	2.0.0 to 3.0.14
sysdig.param.container.image	image	Character string	2.0.0 to 4.6.0
sysdig.param.container.json	json	Character string	3.2.0 to 4.6.0
sysdig.param.container.type	type	Unsigned integer (32 bits)	2.0.0 to 4.6.0
sysdig.param.copy_file_range.fdin	fdin	Signed integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.copy_file_range.fdout	fdout	Signed integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.copy_file_range.offin	offin	Unsigned integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.copy_file_range.offout	offout	Unsigned integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.cpu_hotplug.action	action	Unsigned integer (32 bits)	2.0.0 to 4.6.0
sysdig.param.cpu_hotplug.cpu	cpu	Unsigned integer (32 bits)	2.0.0 to 4.6.0
sysdig.param.delete_module.flags	flags	Signed integer (32 bits)	4.4.0 to 4.6.0
sysdig.param.delete_module.name	name	Character string	4.4.0 to 4.6.0
sysdig.param.drop.ratio	ratio	Unsigned integer (32 bits)	2.0.0 to 4.6.0
sysdig.param.dup.oldfd	oldfd	Signed integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.dup3.newfd	newfd	Signed integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.epoll_create.size	size	Signed integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.epoll_wait.maxevents	maxevents	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.eventfd.initval	initval	Unsigned integer (64 bits)	2.0.0 to 4.0.17
sysdig.param.eventfd2.initval	initval	Unsigned integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.execve.args	Program arguments	Character string	2.0.0 to 4.0.17
sysdig.param.execve.cgroups	cgroups	Byte sequence	2.0.0 to 4.0.17
sysdig.param.execve.comm	Command	Character string	2.0.0 to 4.0.17
sysdig.param.execve.cwd	Current working directory	Character string	2.0.0 to 4.0.17
sysdig.param.execve.env	env	Character string	2.0.0 to 4.0.17
sysdig.param.execve.exe	exe	Character string	2.0.0 to 4.0.17
sysdig.param.execve.fdlimit	fdlimit	Unsigned integer (64 bits)	2.0.0 to 4.0.17
sysdig.param.execve.filename	filename	Character string	3.2.0 to 3.6.0
sysdig.param.execve.loginuid	loginuid	Signed integer (32 bits)	3.2.0 to 4.0.17
sysdig.param.execve.pgft_maj	pgft_maj	Unsigned integer (64 bits)	2.0.0 to 4.0.17
sysdig.param.execve.pgft_min	pgft_min	Unsigned integer (64 bits)	2.0.0 to 4.0.17
sysdig.param.execve.pid	pid	Byte sequence	2.0.0 to 3.0.14
sysdig.param.execve.ptid	ptid	Byte sequence	2.0.0 to 4.0.17
sysdig.param.execve.tid	tid	Byte sequence	2.0.0 to 4.0.17
sysdig.param.execve.tty	tty	Signed integer (32 bits)	3.2.0 to 4.6.0
sysdig.param.execve.vm_rss	vm_rss	Unsigned integer (32 bits)	2.0.0 to 4.0.17
sysdig.param.execve.vm_size	vm_size	Unsigned integer (32 bits)	2.0.0 to 4.0.17
sysdig.param.execve.vm_swap	vm_swap	Unsigned integer (32 bits)	2.0.0 to 4.0.17
sysdig.param.execveat.env	env	Character string	4.2.0 to 4.6.0
sysdig.param.execveat.exe_ino	exe_ino	Unsigned integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.execveat.exe_ino_ctime	exe_ino_ctime	Byte sequence	4.2.0 to 4.6.0
sysdig.param.execveat.exe_ino_mtime	exe_ino_mtime	Byte sequence	4.2.0 to 4.6.0
sysdig.param.execveat.fdlimit	fdlimit	Unsigned integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.execveat.loginuid	loginuid	Signed integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.execveat.pgid	pgid	Signed integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.execveat.trusted_exepath	trusted_exepath	Character string	4.4.0 to 4.6.0
sysdig.param.execveat.tty	tty	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.execveat.uid	uid	Signed integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.fchmod.mode	mode	Byte sequence	3.6.1 to 4.0.17
sysdig.param.fchmodat.filename	filename	Byte sequence	3.6.1 to 4.0.17
sysdig.param.fchownat.gid	gid	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.fchownat.pathname	pathname	Character string	4.2.0 to 4.6.0
sysdig.param.fchownat.uid	uid	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.fcntl.res	res	Signed integer (64 bits)	2.0.0 to 4.0.17
sysdig.param.finit_module.fd	fd	Signed integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.finit_module.flags	flags	Signed integer (32 bits)	4.2.0 to 4.2.14
sysdig.param.finit_module.uargs	uargs	Character string	4.2.0 to 4.6.0
sysdig.param.flock.operation	operation	Signed integer (32 bits)	2.0.0 to 4.6.0
sysdig.param.fsconfig.aux	aux	Signed integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.fsconfig.cmd	cmd	Byte sequence	4.2.0 to 4.6.0
sysdig.param.fsconfig.key	key	Character string	4.2.0 to 4.6.0
sysdig.param.fsconfig.value_bytebuf	value_bytebuf	Byte sequence	4.2.0 to 4.6.0
sysdig.param.fsconfig.value_charbuf	value_charbuf	Character string	4.2.0 to 4.6.0
sysdig.param.futex.op	op	Byte sequence	2.0.0 to 4.6.0
sysdig.param.futex.val	val	Unsigned integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.getgid.gid	gid	Signed integer (32 bits)	2.0.0 to 4.6.0
sysdig.param.getresgid.egid	egid	Signed integer (32 bits)	2.0.0 to 4.2.14
sysdig.param.getresgid.rgid	rgid	Signed integer (32 bits)	2.0.0 to 4.2.14
sysdig.param.getresgid.sgid	sgid	Signed integer (32 bits)	2.0.0 to 4.6.0
sysdig.param.getresuid.euid	euid	Signed integer (32 bits)	2.0.0 to 4.2.14
sysdig.param.getresuid.ruid	ruid	Signed integer (32 bits)	2.0.0 to 4.2.14
sysdig.param.getresuid.suid	suid	Signed integer (32 bits)	2.0.0 to 4.6.0
sysdig.param.getsockopt.level	level	Byte sequence	3.2.0 to 4.6.0
sysdig.param.getsockopt.optlen	optlen	Unsigned integer (32 bits)	3.2.0 to 4.6.0
sysdig.param.getsockopt.optname	optname	Byte sequence	3.2.0 to 4.6.0
sysdig.param.getsockopt.val	val	Byte sequence	3.2.0 to 4.6.0
sysdig.param.getuid.uid	uid	Byte sequence	2.0.0 to 4.0.17
sysdig.param.groupdeleted.container_id	container_id	Character string	4.2.0 to 4.6.0
sysdig.param.infra.description	description	Character string	3.2.0 to 4.6.0
sysdig.param.infra.name	name	Character string	3.6.1 to 4.0.17
sysdig.param.infra.scope	scope	Character string	3.2.0 to 4.6.0
sysdig.param.infra.source	source	Character string	3.2.0 to 4.6.0
sysdig.param.init_module.img	img	Byte sequence	4.2.0 to 4.6.0
sysdig.param.init_module.length	length	Unsigned integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.inotify_init.flags	flags	Unsigned integer (8 bits)	4.2.0 to 4.6.0
sysdig.param.io_uring_enter.min_complete	min_complete	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.io_uring_enter.sig	sig	Byte sequence	4.2.0 to 4.6.0
sysdig.param.io_uring_enter.to_submit	to_submit	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.io_uring_register.arg	arg	Unsigned integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.io_uring_register.nr_args	nr_args	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.io_uring_register.opcode	opcode	Byte sequence	4.2.0 to 4.6.0
sysdig.param.io_uring_setup.cq_entries	cq_entries	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.io_uring_setup.entries	entries	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.io_uring_setup.features	features	Signed integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.io_uring_setup.sq_entries	sq_entries	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.io_uring_setup.sq_thread_cpu	sq_thread_cpu	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.io_uring_setup.sq_thread_idle	sq_thread_idle	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.ioctl.argument	I/O control: argument	Unsigned integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.ioctl.request	I/O control: request	Unsigned integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.len	Parameter length	Unsigned integer (32 bits)	2.0.0 to 4.6.0
sysdig.param.lens	Parameter lengths	Byte sequence	2.0.0 to 4.6.0
sysdig.param.link.newpath	newpath	Character string	3.6.1 to 4.0.17
sysdig.param.link.oldpath	oldpath	Character string	3.6.1 to 4.0.17
sysdig.param.linkat.flags	flags	Byte sequence	3.2.0 to 3.6.0
sysdig.param.linkat.newdir	newdir	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.linkat.newpath	newpath	Character string	3.2.0 to 3.6.0
sysdig.param.linkat.olddir	olddir	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.linkat.oldpath	oldpath	Character string	3.2.0 to 3.6.0
sysdig.param.linkat.res	res	Byte sequence	3.2.0 to 3.6.0
sysdig.param.listen.backlog	backlog	Signed integer (32 bits)	2.0.0 to 4.6.0
sysdig.param.llseek.whence	whence	Byte sequence	2.0.0 to 4.6.0
sysdig.param.memfd_create.name	name	Character string	4.2.0 to 4.2.14
sysdig.param.mkdirat.path	path	Byte sequence	3.2.0 to 4.0.17
sysdig.param.mknodat.dev	dev	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.mknodat.dirfd	dirfd	Signed integer (64 bits)	4.2.0 to 4.2.14
sysdig.param.mknodat.mode	mode	Signed integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.mknodat.path	path	Character string	4.2.0 to 4.2.14
sysdig.param.mknodat.res	res	Signed integer (64 bits)	4.2.0 to 4.2.14
sysdig.param.mlock2.addr	addr	Unsigned integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.mlock2.len	len	Unsigned integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.mmap2.pgoffset	pgoffset	Unsigned integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.mmap2.prot	prot	Byte sequence	2.0.0 to 4.0.17
sysdig.param.mmap2.res	res	Unsigned integer (64 bits)	2.0.0 to 4.0.17
sysdig.param.mount.dev	dev	Character string	2.0.0 to 4.6.0
sysdig.param.mount.dir	dir	Character string	2.0.0 to 4.6.0
sysdig.param.mount.type	type	Character string	2.0.0 to 4.6.0
sysdig.param.mprotect.prot	prot	Signed integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.munmap.addr	addr	Unsigned integer (64 bits)	2.0.0 to 3.0.14
sysdig.param.munmap.length	length	Unsigned integer (64 bits)	2.0.0 to 4.0.17
sysdig.param.nanosleep.interval	interval	Byte sequence	2.0.0 to 4.6.0
sysdig.param.newfstatat.dirfd	dirfd	Signed integer (64 bits)	4.4.0 to 4.6.0
sysdig.param.newfstatat.path	path	Character string	4.4.0 to 4.6.0
sysdig.param.notification.desc	desc	Character string	3.2.0 to 4.6.0
sysdig.param.notification.id	id	Character string	3.2.0 to 4.6.0
sysdig.param.open_by_handle_at.mountfd	mountfd	Signed integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.openat.dev	dev	Unsigned integer (32 bits)	3.2.0 to 4.0.17
sysdig.param.openat.dirfd	dirfd	Signed integer (64 bits)	3.2.0 to 3.6.0
sysdig.param.openat.fd	fd	Signed integer (64 bits)	3.2.0 to 3.6.0
sysdig.param.openat.mode	mode	Unsigned integer (32 bits)	2.0.0 to 3.6.0
sysdig.param.openat.name	name	Character string	3.2.0 to 3.6.0
sysdig.param.openat2.dirfd	dirfd	Signed integer (64 bits)	3.6.1 to 4.0.17
sysdig.param.openat2.fd	fd	Signed integer (64 bits)	3.6.1 to 4.0.17
sysdig.param.openat2.flags	flags	Byte sequence	3.6.1 to 4.0.17
sysdig.param.openat2.mode	mode	Unsigned integer (32 bits)	3.6.1 to 4.6.0
sysdig.param.openat2.name	name	Byte sequence	3.6.1 to 4.0.17
sysdig.param.openat2.resolve	resolve	Signed integer (32 bits)	3.6.1 to 4.6.0
sysdig.param.page_fault.addr	addr	Unsigned integer (64 bits)	3.2.0 to 4.0.17
sysdig.param.page_fault.error	error	Signed integer (32 bits)	3.2.0 to 4.6.0
sysdig.param.page_fault.ip	ip	Unsigned integer (64 bits)	3.2.0 to 4.6.0
sysdig.param.pidfd_getfd.flags	flags	Unsigned integer (32 bits)	4.4.0 to 4.6.0
sysdig.param.pidfd_getfd.pid_fd	pid_fd	Signed integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.pidfd_getfd.target_fd	target_fd	Signed integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.pidfd_open.pid	pid	Signed integer (64 bits)	4.2.0 to 4.2.14
sysdig.param.pipe.fd1	fd1	Signed integer (64 bits)	2.0.0 to 4.0.17
sysdig.param.pipe.fd2	fd2	Signed integer (64 bits)	2.0.0 to 4.0.17
sysdig.param.pipe.ino	ino	Unsigned integer (64 bits)	2.0.0 to 4.0.17
sysdig.param.pipe2.fd1	fd1	Signed integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.pipe2.fd2	fd2	Signed integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.pipe2.ino	ino	Unsigned integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.pluginevent.event_data	event_data	Byte sequence	3.6.1 to 4.6.0
sysdig.param.pluginevent.plugin_ID	plugin_ID	Unsigned integer (32 bits)	3.6.1 to 4.0.17
sysdig.param.poll.timeout	timeout	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.ppoll.fds	fds	Byte sequence	2.0.0 to 4.6.0
sysdig.param.ppoll.sigmask	sigmask	Byte sequence	2.0.0 to 4.6.0
sysdig.param.ppoll.timeout	timeout	Byte sequence	2.0.0 to 4.6.0
sysdig.param.prctl.arg2_int	arg2_int	Signed integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.prctl.arg2_str	arg2_str	Character string	4.2.0 to 4.6.0
sysdig.param.prctl.option	option	Byte sequence	4.2.0 to 4.6.0
sysdig.param.prlimit.newcur	newcur	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.prlimit.newmax	newmax	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.prlimit.oldcur	oldcur	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.prlimit.oldmax	oldmax	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.prlimit.resource	resource	Byte sequence	2.0.0 to 4.6.0
sysdig.param.process_vm_writev.data	data	Byte sequence	4.4.0 to 4.6.0
sysdig.param.process_vm_writev.pid	pid	Signed integer (64 bits)	4.4.0 to 4.6.0
sysdig.param.procexit.core	core	Unsigned integer (8 bits)	3.6.1 to 4.6.0
sysdig.param.procexit.reaper_tid	reaper_tid	Signed integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.procexit.ret	ret	Signed integer (64 bits)	3.6.1 to 4.6.0
sysdig.param.procexit.status	status	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.procinfo.cpu_sys	cpu_sys	Unsigned integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.procinfo.cpu_usr	cpu_usr	Unsigned integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.ptrace.addr	addr	Byte sequence	2.0.0 to 4.6.0
sysdig.param.ptrace.data	data	Byte sequence	2.0.0 to 4.0.17
sysdig.param.ptrace.request	request	Byte sequence	2.0.0 to 4.6.0
sysdig.param.pwritev.pos	pos	Unsigned integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.pwritev.size	size	Unsigned integer (32 bits)	2.0.0 to 4.6.0
sysdig.param.quotactl.dqb_bhardlimit	dqb_bhardlimit	Unsigned integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.quotactl.dqb_bsoftlimit	dqb_bsoftlimit	Unsigned integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.quotactl.dqb_btime	dqb_btime	Byte sequence	2.0.0 to 4.6.0
sysdig.param.quotactl.dqb_curspace	dqb_curspace	Unsigned integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.quotactl.dqb_ihardlimit	dqb_ihardlimit	Unsigned integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.quotactl.dqb_isoftlimit	dqb_isoftlimit	Unsigned integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.quotactl.dqb_itime	dqb_itime	Byte sequence	2.0.0 to 4.6.0
sysdig.param.quotactl.dqi_bgrace	dqi_bgrace	Byte sequence	2.0.0 to 4.6.0
sysdig.param.quotactl.dqi_flags	dqi_flags	Signed integer (8 bits)	2.0.0 to 4.6.0
sysdig.param.quotactl.dqi_igrace	dqi_igrace	Byte sequence	2.0.0 to 4.6.0
sysdig.param.quotactl.id	id	Unsigned integer (32 bits)	2.0.0 to 4.6.0
sysdig.param.quotactl.quota_fmt	quota_fmt	Signed integer (8 bits)	2.0.0 to 4.6.0
sysdig.param.quotactl.quota_fmt_out	quota_fmt_out	Signed integer (8 bits)	2.0.0 to 4.6.0
sysdig.param.quotactl.quotafilepath	quotafilepath	Character string	2.0.0 to 4.6.0
sysdig.param.quotactl.special	special	Character string	2.0.0 to 4.6.0
sysdig.param.quotactl.type	type	Signed integer (8 bits)	2.0.0 to 4.6.0
sysdig.param.recvmsg.msgcontrol	msgcontrol	Byte sequence	4.4.0 to 4.6.0
sysdig.param.renameat.newdirfd	newdirfd	Signed integer (64 bits)	2.0.0 to 3.6.0
sysdig.param.renameat.newpath	newpath	Character string	2.0.0 to 3.0.14
sysdig.param.renameat.olddirfd	olddirfd	Signed integer (64 bits)	2.0.0 to 3.6.0
sysdig.param.renameat.oldpath	oldpath	Character string	2.0.0 to 3.0.14
sysdig.param.renameat2.newdirfd	newdirfd	Signed integer (64 bits)	3.6.1 to 4.6.0
sysdig.param.renameat2.newpath	newpath	Character string	3.6.1 to 4.6.0
sysdig.param.renameat2.olddirfd	olddirfd	Signed integer (64 bits)	3.6.1 to 4.6.0
sysdig.param.renameat2.oldpath	oldpath	Character string	3.6.1 to 4.6.0
sysdig.param.scapevent.event_data	event_data	Unsigned integer (64 bits)	4.2.0 to 4.6.0
sysdig.param.scapevent.event_type	event_type	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.seccomp.flags	flags	Unsigned integer (64 bits)	4.4.0 to 4.6.0
sysdig.param.seccomp.op	op	Unsigned integer (64 bits)	3.2.0 to 4.6.0
sysdig.param.semctl.cmd	cmd	Signed integer (16 bits)	2.0.0 to 4.6.0
sysdig.param.semctl.semid	semid	Signed integer (32 bits)	2.0.0 to 4.6.0
sysdig.param.semctl.semnum	semnum	Signed integer (32 bits)	2.0.0 to 4.6.0
sysdig.param.semctl.val	val	Signed integer (32 bits)	2.0.0 to 4.6.0
sysdig.param.semget.key	key	Signed integer (32 bits)	3.2.0 to 4.6.0
sysdig.param.semget.nsems	nsems	Signed integer (32 bits)	3.2.0 to 4.6.0
sysdig.param.semget.semflg	semflg	Signed integer (32 bits)	3.2.0 to 4.6.0
sysdig.param.semop.nsops	nsops	Unsigned integer (32 bits)	2.0.0 to 4.6.0
sysdig.param.semop.sem_flg_0	sem_flg_0	Signed integer (16 bits)	2.0.0 to 4.6.0
sysdig.param.semop.sem_flg_1	sem_flg_1	Signed integer (16 bits)	2.0.0 to 4.6.0
sysdig.param.semop.sem_num_0	sem_num_0	Unsigned integer (16 bits)	2.0.0 to 4.6.0
sysdig.param.semop.sem_num_1	sem_num_1	Unsigned integer (16 bits)	2.0.0 to 4.6.0
sysdig.param.semop.sem_op_0	sem_op_0	Signed integer (16 bits)	2.0.0 to 4.6.0
sysdig.param.semop.sem_op_1	sem_op_1	Signed integer (16 bits)	2.0.0 to 4.6.0
sysdig.param.sendfile.in_fd	in_fd	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.sendfile.offset	offset	Unsigned integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.sendfile.out_fd	out_fd	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.sendfile.size	size	Unsigned integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.setns.nstype	nstype	Signed integer (32 bits)	2.0.0 to 4.6.0
sysdig.param.setpgid.pgid	pgid	Byte sequence	3.2.0 to 4.0.17
sysdig.param.setpgid.pid	pid	Byte sequence	3.2.0 to 4.0.17
sysdig.param.setregid.egid	egid	Signed integer (32 bits)	4.4.0 to 4.6.0
sysdig.param.setregid.res	res	Signed integer (64 bits)	4.4.0 to 4.6.0
sysdig.param.setregid.rgid	rgid	Signed integer (32 bits)	4.4.0 to 4.6.0
sysdig.param.setreuid.euid	euid	Signed integer (32 bits)	4.4.0 to 4.6.0
sysdig.param.setreuid.ruid	ruid	Signed integer (32 bits)	4.4.0 to 4.6.0
sysdig.param.setrlimit.cur	cur	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.setrlimit.max	max	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.shutdown.how	how	Byte sequence	2.0.0 to 4.6.0
sysdig.param.signaldeliver.dpid	dpid	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.signaldeliver.sig	sig	Byte sequence	2.0.0 to 4.0.17
sysdig.param.signaldeliver.spid	spid	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.signalfd.mask	mask	Unsigned integer (32 bits)	2.0.0 to 4.0.17
sysdig.param.signalfd4.flags	flags	Signed integer (16 bits)	4.2.0 to 4.6.0
sysdig.param.signalfd4.mask	mask	Unsigned integer (32 bits)	4.2.0 to 4.6.0
sysdig.param.socketpair.domain	domain	Byte sequence	2.0.0 to 4.6.0
sysdig.param.socketpair.peer	peer	Unsigned integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.socketpair.proto	proto	Unsigned integer (32 bits)	2.0.0 to 4.6.0
sysdig.param.socketpair.source	source	Unsigned integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.splice.fd_in	fd_in	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.splice.fd_out	fd_out	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.switch.next	next	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.symlink.linkpath	linkpath	Character string	3.6.1 to 4.0.17
sysdig.param.symlinkat.linkdirfd	linkdirfd	Signed integer (64 bits)	2.0.0 to 4.6.0
sysdig.param.symlinkat.linkpath	linkpath	Character string	2.0.0 to 4.6.0
sysdig.param.symlinkat.target	target	Character string	2.0.0 to 4.6.0
sysdig.param.syscall.ID	ID	Unsigned integer (16 bits)	2.0.0 to 4.6.0
sysdig.param.syscall.nativeID	nativeID	Unsigned integer (16 bits)	2.0.0 to 4.6.0
sysdig.param.sysdigevent.event_data	event_data	Unsigned integer (64 bits)	2.0.0 to 4.0.17
sysdig.param.sysdigevent.event_type	event_type	Unsigned integer (32 bits)	2.0.0 to 4.0.17
sysdig.param.timerfd_create.clockid	clockid	Unsigned integer (8 bits)	2.0.0 to 4.6.0
sysdig.param.tracer.id	id	Signed integer (64 bits)	3.2.0 to 4.6.0
sysdig.param.tracer.tags	tags	Byte sequence	3.2.0 to 4.6.0
sysdig.param.umount.flags	flags	Byte sequence	2.0.0 to 3.0.14
sysdig.param.umount.name	name	Character string	2.0.0 to 3.0.14
sysdig.param.umount.res	res	Byte sequence	2.0.0 to 3.0.14
sysdig.param.unlink.path	path	Character string	2.0.0 to 3.0.14, 3.6.1 to 4.0.17
sysdig.param.unlinkat.dirfd	dirfd	Signed integer (64 bits)	2.0.0 to 3.0.14
sysdig.param.userdeleted.home	home	Character string	4.2.0 to 4.6.0
sysdig.param.userdeleted.shell	shell	Character string	4.2.0 to 4.6.0
sysdig.param.userfaultfd.res	res	Byte sequence	3.6.1 to 4.0.17
sysdig.param.vfork.fdlimit	fdlimit	Signed integer (64 bits)	2.0.0 to 4.0.17
sysdig.param.vfork.gid	gid	Unsigned integer (32 bits)	2.0.0 to 4.0.17
sysdig.param.vfork.uid	uid	Unsigned integer (32 bits)	2.0.0 to 4.0.17
sysdig.param.vfork.vpid	vpid	Byte sequence	2.0.0 to 4.0.17
sysdig.param.vfork.vtid	vtid	Byte sequence	2.0.0 to 4.0.17
sysdig.thread_id	Thread ID	Unsigned integer (64 bits)	2.0.0 to 4.6.0