Hey Team, I'm having a problem in getting data from osquery.db via osqueryi. it shows me different results from distributedWrite API response. For example, this

osquery_flags

query. DistributedWrite API give me the correct data from what I've changed via Fleet App Config agent options. But, osqueryi data never change:

osquery> select name, value from osquery_flags where name in ("distributed_interval", "config_tls_refresh", "config_refresh", "logger_tls_period");
+----------------------+-------+
| name                 | value |
+----------------------+-------+
| config_refresh       | 0     |
| distributed_interval | 60    |
| logger_tls_period    | 4     |
+----------------------+-------+

DistributedWrite response:

"fleet_detail_query_osquery_flags":[{"name":"config_refresh","value":"20"},{"name":"distributed_interval","value":"120"},{"name":"logger_tls_period","value":"10"}]

Am I missing some steps when using osqueryi? Could anyone give me some advises? Thanks!

osquery isn’t really a database, it’s closer to an API translation layer. Eg: osqueryi does not talk to oqueryd, it is a separate thing.