Distributed queries return seemingly wrong results due to numerical precision issues when converting numbers to strings. For example, the query:

SELECT ROUND(3.531, 2) as num;

returns

"distributed_query_433":[{"num":"3.5299999999999998"}]

The correct result can be achieved by using a cast:

SELECT CAST(ROUND(3.531, 2) as text) as num;

returns

"distributed_query_435":[{"num":"3.53"}]

Should we document this in the Distributed queries section? Something like: Query results are converted to text strings for transmission, which may result in a loss of precision for numeric values. Result values may be converted to text with SQLite

cast,

which may be preferable for some queries. For example:

SELECT CAST(ROUND(3.531, 2) as text) as num;

Is the behavior different in

osqueryi

than distributed? Because it looks correct in osqueryi…

Yes. The behavior is different.