  • a

    asparamancer

    1 year ago
    Could someone confirm what the --schedule_epoch counter is/should be? The docs say a 64-bit int, and some articles give a unix time for it, whereas other people say it's the number of times that query would run until it was reset.
  • s

    seph

    1 year ago
    These are used in tracking diff queries. The counter is the diff query count, and should be used for ordering. The epoch is a mechanism for a site to reset the diff query state. Set it to whatever you want, change it as needed.
  • a

    asparamancer

    1 year ago
    Thanks, is it just any number? Or is it a unix time stamp, or the number of seconds until the diff should be reset?
  • theopolis

    theopolis

    1 year ago
    Yeap, just any number of your choosing. Tools that integrate with osquery usually make use of this field.
  • s

    seph

    1 year ago
    There is nothing like a countdown, so it’s very much up to the tool. When I design systems like this, I usually use a unix time stamp. It’s easy, doesn’t require any coordination and is self documenting. But that’s not inherent.
  • a

    asparamancer

    1 year ago
    ah so it's just a reference marker?
    can ignore, have been testing and understand how it works now