https://github.com/osquery/osquery logo
#general
Title
# general
z

Zach Zeid

07/28/2020, 9:03 PM
Interestingly, I have this as a schedule
Copy code
"schedule": {
     "ping_pong": {
        "query": "select year, month, day from time;",
        "interval": 10
       }
  },
but I don't see it show up in either my tls endpoint, or in aws_firehose, or in the results.log
z

zwass

07/28/2020, 9:07 PM
Run
osqueryd
with
--verbose
and see if it logs that the query is being executed.
Oh, but the problem is that you are running the query in differential mode and nothing is changing (except when there is a new day).
z

Zach Zeid

07/28/2020, 9:09 PM
oh.
hmm.
is that merely adding
"snapshot": true
?
z

zwass

07/28/2020, 9:11 PM
Yes. Or make the query return a different result each time (
select unix_time
)
z

Zach Zeid

07/28/2020, 9:11 PM
👍 got it, thanks!
5 Views