Osquery uses basic SQL commands to leverage a relational data-model to describe a device.

osquery

is there a reason why it might hit that limit?

There is likely a query that is eating up a lot of memory and triggering the watchdog. You can read up about that in the "Daemon control flags" section <https://osquery.readthedocs.io/en/stable/installation/cli-flags/|here>.

By default, when the watchdog is triggered, any queries running will be denylisted and won't run again for 24 hours.

You can get an idea of what queries might be triggering the watchdog by looking at the `osquery_schedule` table for any  scheduled queries that are denylisted:

```SELECT * FROM osquery_schedule WHERE denylisted = 1;```
The `average_memory` column might give you some insight into which query is causing the issue.

For distributed queries (Detail queries, live queries and policy queries), you can check the Fleet logs for errors that include `denylisted`.