Hello Community!
Bug report
What operating system and version are you using?
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
+-------------------------------+-------+----------+
| version | build | platform |
+-------------------------------+-------+----------+
| 22.04.2 LTS (Jammy Jellyfish) | | ubuntu |
+-------------------------------+-------+----------+
What version of osquery are you using?
+---------+
| version |
+---------+
| 5.0.1.1 |
+---------+
What steps did you take to reproduce the issue?
SELECT * from bpf_process_events where parent = 0;
This has been seen for bpf_process_events and bpf_socket_events; also, in the processes table parent = 0 is never seen.
What did you expect to see?
Expected to see 0 rows for the query SELECT * from bpf_process_events where parent = 0;
Even if osquery will update its parent later, I'm getting parent 0 in osqueryd as well!
Expected to see any parent_pid except 0 in the bpf_process_events.
What did you see instead?
Parent as 0 for many rows.