Does anyone know why I'd be getting this error with osqueryi "W0107 101827.182194 1508 options.cpp:101] Cannot set unknown or invalid flag: utc" - installed via chocolatey and is version 5.2.0.

utc

flag was removed in version 5.2.0

this was a brand new install, not settings have been changed.

Ah, it has been removed but we did not remove it from the

osquery.example.conf

which on Windows (only) is renamed and used as a base

osquery.conf

so temporarily, i'll need to edit the osquery.conf file on the install?

yep, just remove the

utc

line from the config file

Seems like there may be a little more that needs to be updated in the default osquery.conf file for windows. Removing the line for utc is causing the conf to be invalid. "update failed to parse config" after removing the "utc" line.

Make sure it’s valid json? The trailing comma from the line above might need to be removed too

ah, yes that was it