#macos

Stefano Bonicatti

03/28/2022, 2:38 PM
I’m not immediately sure why we are using a timestamp as the first value. This might explain the fact that sometimes I have seen queries run almost immediately when osquery starts, probably because the initial timestamp was a multiple of the query interval and it almost seemed like it was recovering time lost during the downtime indeed. But it’s a bit more “r (in the sense that even if normally when they run is relative to when they start, even the precise second osquery starts at counts).